/**
 *
 */
import Util;
import OpenApi;
import OpenApiUtil;
import EndpointUtil;

extends OpenApi;


init(config: OpenApi.Config){
  super(config);
  @endpointRule = 'central';
  
  checkConfig(config);
  @endpoint = getEndpoint('ims', @regionId, @endpointRule, @network, @suffix, @endpointMap, @endpoint);
}

function getEndpoint(productId: string, regionId: string, endpointRule: string, network: string, suffix: string, endpointMap: map[string]string, endpoint: string) throws: string{
  if (!Util.empty(endpoint)) {
    return endpoint;
  }
  
  if (!Util.isUnset(endpointMap) && !Util.empty(endpointMap[regionId])) {
    return endpointMap[regionId];
  }
  return EndpointUtil.getEndpointRules(productId, regionId, endpointRule, network, suffix);
}

model AddClientIdToOIDCProviderRequest {
  clientId?: string(name='ClientId', description='The client ID that you want to add.

The client ID can contain letters, digits, and special characters and cannot start with the special characters. The special characters are periods (.), hyphens (-), underscores (_), colons (:), and forward slashes (/). 

The client ID can be up to 64 characters in length.', example='598469743454717****'),
  OIDCProviderName?: string(name='OIDCProviderName', description='The name of the OIDC IdP.', example='TestOIDCProvider'),
}

model AddClientIdToOIDCProviderResponseBody = {
  OIDCProvider?: {
    arn?: string(name='Arn', description='The Alibaba Cloud Resource Name (ARN) of the OIDC IdP.', example='acs:ram::177242285274****:oidc-provider/TestOIDCProvider'),
    clientIds?: string(name='ClientIds', description='The ID of the client. If multiple client IDs are returned, the client IDs are separated by commas (,).', example='498469743454717****,598469743454717****'),
    createDate?: string(name='CreateDate', description='The time when the OIDC IdP was created. The time is displayed in UTC.', example='2021-11-11T06:56:03Z'),
    description?: string(name='Description', description='The description of the OIDC IdP.', example='This is a new OIDC Provider.'),
    fingerprints?: string(name='Fingerprints', description='The fingerprint of the HTTPS certificate. If multiple fingerprints are returned, the fingerprints are separated by commas (,).', example='902ef2deeb3c5b13ea4c3d5193629309e231****'),
    gmtCreate?: string(name='GmtCreate', description='The timestamp when the OIDC IdP was created.', example='1636613763000'),
    gmtModified?: string(name='GmtModified', description='The timestamp when the OIDC IdP was modified.', example='1636706309000'),
    issuanceLimitTime?: long(name='IssuanceLimitTime', description='The earliest time when an external IdP can issue an ID token. If the value of the iat field in the ID token is later than the current time, the request is rejected. Unit: hours. Valid values: 1 to 168.', example='12'),
    issuerUrl?: string(name='IssuerUrl', description='The URL of the issuer.', example='https://dev-xxxxxx.okta.com'),
    OIDCProviderName?: string(name='OIDCProviderName', description='The name of the OIDC IdP.', example='TestOIDCProvider'),
    updateDate?: string(name='UpdateDate', description='The time when the OIDC IdP was modified. The time is displayed in UTC.', example='2021-11-12T08:38:29Z'),
  }(name='OIDCProvider', description='The information about the OIDC IdP.'),
  requestId?: string(name='RequestId', description='The request ID.', example='B49B8FA7-87FC-5308-AE75-5EC9E36C360A'),
}

model AddClientIdToOIDCProviderResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: AddClientIdToOIDCProviderResponseBody(name='body'),
}

/**
 * @summary Adds a client ID to an OpenID Connect (OIDC) identity provider (IdP).
 *
 * @param request AddClientIdToOIDCProviderRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return AddClientIdToOIDCProviderResponse
 */
async function addClientIdToOIDCProviderWithOptions(request: AddClientIdToOIDCProviderRequest, runtime: Util.RuntimeOptions): AddClientIdToOIDCProviderResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.clientId)) {
    query['ClientId'] = request.clientId;
  }
  if (!Util.isUnset(request.OIDCProviderName)) {
    query['OIDCProviderName'] = request.OIDCProviderName;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'AddClientIdToOIDCProvider',
    version = '2019-08-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if (Util.isUnset(@signatureVersion) || !Util.equalString(@signatureVersion, 'v4')) {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Adds a client ID to an OpenID Connect (OIDC) identity provider (IdP).
 *
 * @param request AddClientIdToOIDCProviderRequest
 * @return AddClientIdToOIDCProviderResponse
 */
async function addClientIdToOIDCProvider(request: AddClientIdToOIDCProviderRequest): AddClientIdToOIDCProviderResponse {
  var runtime = new Util.RuntimeOptions{};
  return addClientIdToOIDCProviderWithOptions(request, runtime);
}

model AddFingerprintToOIDCProviderRequest {
  fingerprint?: string(name='Fingerprint', description='The fingerprint of the HTTPS certificate.

The fingerprint can contain letters and digits.

The fingerprint can be up to 40 characters in length.', example='902ef2deeb3c5b13ea4c3d5193629309e231****'),
  OIDCProviderName?: string(name='OIDCProviderName', description='The name of the OIDC IdP.', example='TestOIDCProvider'),
}

model AddFingerprintToOIDCProviderResponseBody = {
  OIDCProvider?: {
    arn?: string(name='Arn', description='The Alibaba Cloud Resource Name (ARN) of the OIDC IdP.', example='acs:ram::177242285274****:oidc-provider/OIDCProvider'),
    clientIds?: string(name='ClientIds', description='The ID of the client. If multiple client IDs are returned, the client IDs are separated by commas (,).', example='498469743454717****'),
    createDate?: string(name='CreateDate', description='The time when the OIDC IdP was created. The time is displayed in UTC.', example='2021-11-11T06:56:03Z'),
    description?: string(name='Description', description='The description of the OIDC IdP.', example='This is a new OIDC Provider.'),
    fingerprints?: string(name='Fingerprints', description='The fingerprint of the HTTPS certificate. If multiple fingerprints are returned, the fingerprints are separated by commas (,).', example='502ef2deeb3c5b13ea4c3d5193629309e231****,902ef2deeb3c5b13ea4c3d5193629309e231****'),
    gmtCreate?: string(name='GmtCreate', description='The timestamp when the OIDC IdP was created.', example='1636613763000'),
    gmtModified?: string(name='GmtModified', description='The timestamp when the OIDC IdP was modified.', example='1636706309000'),
    issuanceLimitTime?: long(name='IssuanceLimitTime', description='The earliest time when an external IdP can issue an ID token. If the value of the iat field in the ID token is later than the current time, the request is rejected. Unit: hours. Valid values: 1 to 168.', example='12'),
    issuerUrl?: string(name='IssuerUrl', description='The URL of the issuer.', example='https://dev-xxxxxx.okta.com'),
    OIDCProviderName?: string(name='OIDCProviderName', description='The name of the OIDC IdP.', example='TestOIDCProvider'),
    updateDate?: string(name='UpdateDate', description='The time when the OIDC IdP was modified. The time is displayed in UTC.', example='2021-11-12T08:38:29Z'),
  }(name='OIDCProvider', description='The name of the OIDC IdP.'),
  requestId?: string(name='RequestId', description='The request ID.', example='4B809BBC-0E78-544A-A91A-648926412E3E'),
}

model AddFingerprintToOIDCProviderResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: AddFingerprintToOIDCProviderResponseBody(name='body'),
}

/**
 * @summary Adds a fingerprint to an OpenID Connect (OIDC) identity provider (IdP).
 *
 * @description ###
 * This topic provides an example on how to add the fingerprint `902ef2deeb3c5b13ea4c3d5193629309e231****` to the OIDC IdP named `TestOIDCProvider`.
 *
 * @param request AddFingerprintToOIDCProviderRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return AddFingerprintToOIDCProviderResponse
 */
async function addFingerprintToOIDCProviderWithOptions(request: AddFingerprintToOIDCProviderRequest, runtime: Util.RuntimeOptions): AddFingerprintToOIDCProviderResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.fingerprint)) {
    query['Fingerprint'] = request.fingerprint;
  }
  if (!Util.isUnset(request.OIDCProviderName)) {
    query['OIDCProviderName'] = request.OIDCProviderName;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'AddFingerprintToOIDCProvider',
    version = '2019-08-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if (Util.isUnset(@signatureVersion) || !Util.equalString(@signatureVersion, 'v4')) {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Adds a fingerprint to an OpenID Connect (OIDC) identity provider (IdP).
 *
 * @description ###
 * This topic provides an example on how to add the fingerprint `902ef2deeb3c5b13ea4c3d5193629309e231****` to the OIDC IdP named `TestOIDCProvider`.
 *
 * @param request AddFingerprintToOIDCProviderRequest
 * @return AddFingerprintToOIDCProviderResponse
 */
async function addFingerprintToOIDCProvider(request: AddFingerprintToOIDCProviderRequest): AddFingerprintToOIDCProviderResponse {
  var runtime = new Util.RuntimeOptions{};
  return addFingerprintToOIDCProviderWithOptions(request, runtime);
}

model AddUserToGroupRequest {
  groupName?: string(name='GroupName', description='The name of the RAM user group.', example='Test-Team'),
  userPrincipalName?: string(name='UserPrincipalName', description='The logon name of the RAM user.

This parameter is required.', example='test@example.onaliyun.com'),
}

model AddUserToGroupResponseBody = {
  requestId?: string(name='RequestId', description='The request ID.', example='85836703-8D4F-485F-9726-4D1C730F957E'),
}

model AddUserToGroupResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: AddUserToGroupResponseBody(name='body'),
}

/**
 * @summary Adds a Resource Access Management (RAM) user to a RAM user group.
 *
 * @param request AddUserToGroupRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return AddUserToGroupResponse
 */
async function addUserToGroupWithOptions(request: AddUserToGroupRequest, runtime: Util.RuntimeOptions): AddUserToGroupResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.groupName)) {
    query['GroupName'] = request.groupName;
  }
  if (!Util.isUnset(request.userPrincipalName)) {
    query['UserPrincipalName'] = request.userPrincipalName;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'AddUserToGroup',
    version = '2019-08-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if (Util.isUnset(@signatureVersion) || !Util.equalString(@signatureVersion, 'v4')) {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Adds a Resource Access Management (RAM) user to a RAM user group.
 *
 * @param request AddUserToGroupRequest
 * @return AddUserToGroupResponse
 */
async function addUserToGroup(request: AddUserToGroupRequest): AddUserToGroupResponse {
  var runtime = new Util.RuntimeOptions{};
  return addUserToGroupWithOptions(request, runtime);
}

model BindMFADeviceRequest {
  authenticationCode1?: string(name='AuthenticationCode1', description='The first verification code.

>  You can call the [CreateVirtualMFADevice](https://help.aliyun.com/document_detail/186179.html) operation to create an MFA device and generate a key (value of `Base32StringSeed`). Then, use the key on the Alibaba Cloud app to manually add an MFA device, and obtain the two consecutive verification codes.', example='123456'),
  authenticationCode2?: string(name='AuthenticationCode2', description='The second verification code.

>  You can call the [CreateVirtualMFADevice](https://help.aliyun.com/document_detail/186179.html) operation to create an MFA device and generate a key (value of `Base32StringSeed`). Then, use the key on the Alibaba Cloud app to manually add an MFA device, and obtain the two consecutive verification codes.', example='654321'),
  serialNumber?: string(name='SerialNumber', description='The serial number of the MFA device.

>  You can call the [CreateVirtualMFADevice](https://help.aliyun.com/document_detail/186179.html) operation to obtain the serial number of the MFA device.', example='acs:ram::177242285274****:mfa/device001'),
  userPrincipalName?: string(name='UserPrincipalName', description='The logon name of the RAM user.

This parameter is required.', example='test@example.onaliyun.com'),
}

model BindMFADeviceResponseBody = {
  requestId?: string(name='RequestId', description='The request ID.', example='B9AF80E4-1565-42D9-9256-0B8B0D9FD3EC'),
}

model BindMFADeviceResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: BindMFADeviceResponseBody(name='body'),
}

/**
 * @summary Binds a multi-factor authentication (MFA) device to a Resource Access Management (RAM) user.
 *
 * @param request BindMFADeviceRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return BindMFADeviceResponse
 */
async function bindMFADeviceWithOptions(request: BindMFADeviceRequest, runtime: Util.RuntimeOptions): BindMFADeviceResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.authenticationCode1)) {
    query['AuthenticationCode1'] = request.authenticationCode1;
  }
  if (!Util.isUnset(request.authenticationCode2)) {
    query['AuthenticationCode2'] = request.authenticationCode2;
  }
  if (!Util.isUnset(request.serialNumber)) {
    query['SerialNumber'] = request.serialNumber;
  }
  if (!Util.isUnset(request.userPrincipalName)) {
    query['UserPrincipalName'] = request.userPrincipalName;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'BindMFADevice',
    version = '2019-08-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if (Util.isUnset(@signatureVersion) || !Util.equalString(@signatureVersion, 'v4')) {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Binds a multi-factor authentication (MFA) device to a Resource Access Management (RAM) user.
 *
 * @param request BindMFADeviceRequest
 * @return BindMFADeviceResponse
 */
async function bindMFADevice(request: BindMFADeviceRequest): BindMFADeviceResponse {
  var runtime = new Util.RuntimeOptions{};
  return bindMFADeviceWithOptions(request, runtime);
}

model ChangePasswordRequest {
  newPassword?: string(name='NewPassword', description='The new password that is used to log on to the console.

The password must meet the complexity requirements. For more information, see [GetPasswordPolicy](https://help.aliyun.com/document_detail/186691.html).

This parameter is required.', example='newpassword'),
  oldPassword?: string(name='OldPassword', description='The old password that is used to log on to the console.

This parameter is required.', example='mypassword'),
}

model ChangePasswordResponseBody = {
  requestId?: string(name='RequestId', description='The request ID.', example='04F0F334-1335-436C-A1D7-6C044FE73368'),
}

model ChangePasswordResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: ChangePasswordResponseBody(name='body'),
}

/**
 * @summary Changes the password that is used to log on to the console for a Resource Access Management (RAM) user.
 *
 * @description >  This operation is available only for RAM users. Before you call this operation, make sure that `AllowUserToChangePassword` in [SetSecurityPreference](https://help.aliyun.com/document_detail/43765.html) is set to `True`. The value True indicates that RAM users can manage their passwords.
 *
 * @param request ChangePasswordRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return ChangePasswordResponse
 */
async function changePasswordWithOptions(request: ChangePasswordRequest, runtime: Util.RuntimeOptions): ChangePasswordResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.newPassword)) {
    query['NewPassword'] = request.newPassword;
  }
  if (!Util.isUnset(request.oldPassword)) {
    query['OldPassword'] = request.oldPassword;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'ChangePassword',
    version = '2019-08-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if (Util.isUnset(@signatureVersion) || !Util.equalString(@signatureVersion, 'v4')) {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Changes the password that is used to log on to the console for a Resource Access Management (RAM) user.
 *
 * @description >  This operation is available only for RAM users. Before you call this operation, make sure that `AllowUserToChangePassword` in [SetSecurityPreference](https://help.aliyun.com/document_detail/43765.html) is set to `True`. The value True indicates that RAM users can manage their passwords.
 *
 * @param request ChangePasswordRequest
 * @return ChangePasswordResponse
 */
async function changePassword(request: ChangePasswordRequest): ChangePasswordResponse {
  var runtime = new Util.RuntimeOptions{};
  return changePasswordWithOptions(request, runtime);
}

model CreateAccessKeyRequest {
  userPrincipalName?: string(name='UserPrincipalName', description='The logon name of the RAM user.

If this parameter is empty, an AccessKey pair is created for the current user.', example='test@example.onaliyun.com'),
}

model CreateAccessKeyResponseBody = {
  accessKey?: {
    accessKeyId?: string(name='AccessKeyId', description='The AccessKey ID.', example='LTAI4G3HaMmeHpay2gcq****'),
    accessKeySecret?: string(name='AccessKeySecret', description='The AccessKey secret.', example='Y3MSLE6OgizS4qrz5LVFDoyZEL****'),
    createDate?: string(name='CreateDate', description='The time when the AccessKey pair was created.', example='2020-10-15T08:08:54Z'),
    status?: string(name='Status', description='The status of the AccessKey pair. Valid values:

*   Active
*   Inactive', example='Active'),
  }(name='AccessKey', description='The information about the AccessKey pair.'),
  requestId?: string(name='RequestId', description='The request ID.', example='19DDD9F7-AFCC-4D72-8CBA-CCE5A142E7AB'),
}

model CreateAccessKeyResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: CreateAccessKeyResponseBody(name='body'),
}

/**
 * @summary Creates an AccessKey pair for an Alibaba Cloud account or a Resource Access Management (RAM) user.
 *
 * @param request CreateAccessKeyRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return CreateAccessKeyResponse
 */
async function createAccessKeyWithOptions(request: CreateAccessKeyRequest, runtime: Util.RuntimeOptions): CreateAccessKeyResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.userPrincipalName)) {
    query['UserPrincipalName'] = request.userPrincipalName;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'CreateAccessKey',
    version = '2019-08-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if (Util.isUnset(@signatureVersion) || !Util.equalString(@signatureVersion, 'v4')) {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Creates an AccessKey pair for an Alibaba Cloud account or a Resource Access Management (RAM) user.
 *
 * @param request CreateAccessKeyRequest
 * @return CreateAccessKeyResponse
 */
async function createAccessKey(request: CreateAccessKeyRequest): CreateAccessKeyResponse {
  var runtime = new Util.RuntimeOptions{};
  return createAccessKeyWithOptions(request, runtime);
}

model CreateAppSecretRequest {
  appId?: string(name='AppId', description='The ID of the application.

This parameter is required.', example='472457090344041****'),
}

model CreateAppSecretResponseBody = {
  appSecret?: {
    appId?: string(name='AppId', description='The ID of the application.', example='472457090344041****'),
    appSecretId?: string(name='AppSecretId', description='The ID of the application secret.', example='2efd5004-005c-4f05-83c6-5b1dd176****'),
    appSecretValue?: string(name='AppSecretValue', description='The content of the application secret. This value can be used as the client secret for open authorization (OAuth).', example='ai78ZmmxnlUG1jXlBZRDFKos9DIjY4m17Q7dCpMwn1rqXsTGb1X1XmrmveMp****'),
    createDate?: string(name='CreateDate', description='The creation time.', example='2020-10-26T02:52:31Z'),
  }(name='AppSecret', description='The details of the application secret.'),
  requestId?: string(name='RequestId', description='The request ID.', example='EE46FC3C-3BDE-4771-B531-27B7B6EB533D'),
}

model CreateAppSecretResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: CreateAppSecretResponseBody(name='body'),
}

/**
 * @summary Creates an application secret for an application.
 *
 * @param request CreateAppSecretRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return CreateAppSecretResponse
 */
async function createAppSecretWithOptions(request: CreateAppSecretRequest, runtime: Util.RuntimeOptions): CreateAppSecretResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.appId)) {
    query['AppId'] = request.appId;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'CreateAppSecret',
    version = '2019-08-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if (Util.isUnset(@signatureVersion) || !Util.equalString(@signatureVersion, 'v4')) {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Creates an application secret for an application.
 *
 * @param request CreateAppSecretRequest
 * @return CreateAppSecretResponse
 */
async function createAppSecret(request: CreateAppSecretRequest): CreateAppSecretResponse {
  var runtime = new Util.RuntimeOptions{};
  return createAppSecretWithOptions(request, runtime);
}

model CreateApplicationRequest {
  accessTokenValidity?: int32(name='AccessTokenValidity', description='The validity period of the access token.

Valid values: 900 to 10800. Unit: seconds.

Default value: 3600.', example='3600'),
  appName?: string(name='AppName', description='The application name.

The name can be up to 64 characters in length. The name can contain letters, digits, periods (.), underscores (_), and hyphens (-).', example='myapp'),
  appType?: string(name='AppType', description='The type of the application. Valid values:

*   WebApp: a web application that interacts with a browser.
*   NativeApp: a native application that runs on an operating system, such as a desktop operating system or a mobile operating system.
*   ServerApp: an application that accesses Alibaba Cloud services without the need of manual user logon. User provisioning is automated based on the System for Cross-Domain Identity Management (SCIM) protocol.

This parameter is required.', example='WebApp'),
  displayName?: string(name='DisplayName', description='The display name of the application.

The name can be up to 24 characters in length.

This parameter is required.', example='myapp'),
  isMultiTenant?: boolean(name='IsMultiTenant', description='Indicates whether the application can be installed by using other Alibaba Cloud accounts. Valid values:

*   true: If you do not set this parameter for applications of the NativeApp and ServerApp types, true is used.
*   false: If you do not set this parameter for applications of the WebApp type, false is used.', example='false'),
  predefinedScopes?: string(name='PredefinedScopes', description='The scope of application permissions.

For more information about the application permission scope, see [Open authorization scope](https://help.aliyun.com/document_detail/93693.html). You can also call the [ListPredefinedScopes](https://help.aliyun.com/document_detail/187206.html) operation to query the permissions that are supported by different types of applications.

If you enter multiple permission scopes, separate them with semicolons (;).', example='aliuid'),
  redirectUris?: string(name='RedirectUris', description='The callback URL.

If you enter multiple callback URLs, separate them with semicolons (;).', example='https://www.example.com'),
  refreshTokenValidity?: int32(name='RefreshTokenValidity', description='The validity period of the refreshed token.

Valid values: 7200 to 31536000. Unit: seconds.

Default value:

*   For applications of the WebApp and ServerApp types, if this parameter is left empty, the value 2592000 is used. The value 2592000 indicates that the validity period of the refreshed token is 30 days.
*   For applications of the NativeApp type, if this parameter is left empty, the value 7776000 is used. The value 7776000 indicates that the validity period of the refreshed token is 90 days.', example='2592000'),
  requiredScopes?: string(name='RequiredScopes', description='The required permission.

You can specify one or more permissions for the `RequiredScopes` parameter. After you specify this parameter, the required permissions are automatically selected and cannot be revoked when a user grants permissions on the application.

If you enter multiple permission scopes, separate them with semicolons (;).

>  If the permission that you specify for the `RequiredScopes` parameter is not included in the value of the `PredefinedScopes` parameter, the permission does not take effect.', example='aliuid;profile'),
  secretRequired?: boolean(name='SecretRequired', description='Indicates whether a secret is required. Valid values:

*   true
*   false

>- For applications of the WebApp and ServerApp types, this parameter is automatically set to true and cannot be changed.
>- For applications of the NativeApp type, this parameter can be set to true or false. If you do not set this parameter, false is used. Applications of the NativeApp type run in untrusted environments and the secrets of these applications are not protected. Therefore, we recommend that you do not set this parameter to true unless otherwise specified. For more information, see [Use an application of the NativeApp type to log on to Alibaba Cloud](https://help.aliyun.com/document_detail/93697.html).', example='true'),
}

model CreateApplicationResponseBody = {
  application?: {
    accessTokenValidity?: int32(name='AccessTokenValidity', description='The validity period of the access token. Unit: seconds.', example='3600'),
    accountId?: string(name='AccountId', description='The ID of the Alibaba Cloud account to which the application belongs.', example='177242285274****'),
    appId?: string(name='AppId', description='The ID of the application.', example='472457090344041****'),
    appName?: string(name='AppName', description='The application name.', example='myapp'),
    appType?: string(name='AppType', description='The application type.', example='WebApp'),
    createDate?: string(name='CreateDate', description='The creation time.', example='2020-10-23T08:06:57Z'),
    delegatedScope?: {
      predefinedScopes?: {
        predefinedScope?: [ 
        {
          description?: string(name='Description', description='The description of the permission.', example='Obtain the OpenID of the user. This is the default permission that you cannot remove.'),
          name?: string(name='Name', description='The name of the permission.', example='openid'),
          required?: boolean(name='Required', description='Indicates whether the permission is automatically selected by default when you install the application. Valid values:

*   true
*   false

`openid` is required by default.', example='true'),
        }
      ](name='PredefinedScope')
      }(name='PredefinedScopes', description='The information about the permissions that are granted on the application.'),
    }(name='DelegatedScope', description='The information about the permissions that are granted on the application.'),
    displayName?: string(name='DisplayName', description='The display name of the application.', example='myapp'),
    isMultiTenant?: boolean(name='IsMultiTenant', description='Indicates whether the application can be installed by using other Alibaba Cloud accounts.', example='true'),
    redirectUris?: {
      redirectUri?: [ string ](name='RedirectUri')
    }(name='RedirectUris', description='The callback URLs.'),
    refreshTokenValidity?: int32(name='RefreshTokenValidity', description='The validity period of the refresh token. Unit: seconds.', example='7776000'),
    secretRequired?: boolean(name='SecretRequired', description='Indicates whether a secret is required.', example='true'),
    updateDate?: string(name='UpdateDate', description='The update time.', example='2020-10-23T08:06:57Z'),
  }(name='Application', description='The information about the application.'),
  requestId?: string(name='RequestId', description='The request ID.', example='6616F09B-2768-4C11-8866-A8EE4C4A583E'),
}

model CreateApplicationResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: CreateApplicationResponseBody(name='body'),
}

/**
 * @summary Creates an application.
 *
 * @param request CreateApplicationRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return CreateApplicationResponse
 */
async function createApplicationWithOptions(request: CreateApplicationRequest, runtime: Util.RuntimeOptions): CreateApplicationResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.accessTokenValidity)) {
    query['AccessTokenValidity'] = request.accessTokenValidity;
  }
  if (!Util.isUnset(request.appName)) {
    query['AppName'] = request.appName;
  }
  if (!Util.isUnset(request.appType)) {
    query['AppType'] = request.appType;
  }
  if (!Util.isUnset(request.displayName)) {
    query['DisplayName'] = request.displayName;
  }
  if (!Util.isUnset(request.isMultiTenant)) {
    query['IsMultiTenant'] = request.isMultiTenant;
  }
  if (!Util.isUnset(request.predefinedScopes)) {
    query['PredefinedScopes'] = request.predefinedScopes;
  }
  if (!Util.isUnset(request.redirectUris)) {
    query['RedirectUris'] = request.redirectUris;
  }
  if (!Util.isUnset(request.refreshTokenValidity)) {
    query['RefreshTokenValidity'] = request.refreshTokenValidity;
  }
  if (!Util.isUnset(request.requiredScopes)) {
    query['RequiredScopes'] = request.requiredScopes;
  }
  if (!Util.isUnset(request.secretRequired)) {
    query['SecretRequired'] = request.secretRequired;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'CreateApplication',
    version = '2019-08-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if (Util.isUnset(@signatureVersion) || !Util.equalString(@signatureVersion, 'v4')) {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Creates an application.
 *
 * @param request CreateApplicationRequest
 * @return CreateApplicationResponse
 */
async function createApplication(request: CreateApplicationRequest): CreateApplicationResponse {
  var runtime = new Util.RuntimeOptions{};
  return createApplicationWithOptions(request, runtime);
}

model CreateGroupRequest {
  comments?: string(name='Comments', description='The description.

The description can be up to 128 characters in length.', example='Dev-Team'),
  displayName?: string(name='DisplayName', description='The display name of the RAM user group.

The name can be up to 24 characters in length.', example='Dev-Team'),
  groupName?: string(name='GroupName', description='The name of the RAM user group. You must specify this parameter.

The name can be up to 64 characters in length and can contain letters, digits, periods (.), underscores (_), and hyphens (-).', example='Dev-Team'),
}

model CreateGroupResponseBody = {
  group?: {
    comments?: string(name='Comments', description='The description.', example='Dev-Team'),
    createDate?: string(name='CreateDate', description='The creation time.', example='2020-10-19T16:15:17Z'),
    displayName?: string(name='DisplayName', description='The display name of the RAM user group.', example='Dev-Team'),
    groupId?: string(name='GroupId', description='The ID of the RAM user group.', example='740317625433843****'),
    groupName?: string(name='GroupName', description='The name of the RAM user group.', example='Dev-Team'),
    updateDate?: string(name='UpdateDate', description='The update time.', example='2020-10-19T16:15:17Z'),
  }(name='Group', description='The information about the RAM user group.'),
  requestId?: string(name='RequestId', description='The request ID.', example='3C38192B-7BF8-45DA-8F0A-E670EA51426C'),
}

model CreateGroupResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: CreateGroupResponseBody(name='body'),
}

/**
 * @summary Creates a Resource Access Management (RAM) user group.
 *
 * @param request CreateGroupRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return CreateGroupResponse
 */
async function createGroupWithOptions(request: CreateGroupRequest, runtime: Util.RuntimeOptions): CreateGroupResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.comments)) {
    query['Comments'] = request.comments;
  }
  if (!Util.isUnset(request.displayName)) {
    query['DisplayName'] = request.displayName;
  }
  if (!Util.isUnset(request.groupName)) {
    query['GroupName'] = request.groupName;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'CreateGroup',
    version = '2019-08-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if (Util.isUnset(@signatureVersion) || !Util.equalString(@signatureVersion, 'v4')) {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Creates a Resource Access Management (RAM) user group.
 *
 * @param request CreateGroupRequest
 * @return CreateGroupResponse
 */
async function createGroup(request: CreateGroupRequest): CreateGroupResponse {
  var runtime = new Util.RuntimeOptions{};
  return createGroupWithOptions(request, runtime);
}

model CreateLoginProfileRequest {
  MFABindRequired?: boolean(name='MFABindRequired', description='Specifies whether to forcefully enable multi-factor authentication (MFA) for the RAM user. Valid values:

*   true: forcefully enables MFA for the RAM user. The RAM user must bind an MFA device upon the next logon.
*   false (default): does not forcefully enable MFA for the RAM user.', example='false'),
  password?: string(name='Password', description='The password that the RAM user uses to log on to the console.

The password must meet the complexity requirements.', example='mypassword'),
  passwordResetRequired?: boolean(name='PasswordResetRequired', description='Specifies whether the RAM user is required to reset the password upon the next logon. Valid values:

*   true
*   false (default)', example='false'),
  status?: string(name='Status', description='Specifies whether to enable password-based logons to the console. Valid values:

*   Active: Password-based logon is enabled. This is the default value.
*   Inactive: Password-based logon is disabled.', example='Active'),
  userPrincipalName?: string(name='UserPrincipalName', description='The logon name of the RAM user.

This parameter is required.', example='test@example.onaliyun.com'),
}

model CreateLoginProfileResponseBody = {
  loginProfile?: {
    MFABindRequired?: boolean(name='MFABindRequired', description='Indicates whether to forcefully enable MFA for the RAM user.', example='false'),
    passwordResetRequired?: boolean(name='PasswordResetRequired', description='Indicates whether the RAM user is required to reset the password upon the next logon.', example='false'),
    status?: string(name='Status', description='Indicates whether to enable password-based logons to the console.', example='Active'),
    updateDate?: string(name='UpdateDate', description='The update time.', example='2020-10-14T03:47:51Z'),
    userPrincipalName?: string(name='UserPrincipalName', description='The logon name of the RAM user.', example='test@example.onaliyun.com'),
  }(name='LoginProfile', description='The logon information.'),
  requestId?: string(name='RequestId', description='The request ID.', example='29CB303C-1F05-43A6-A6BC-EBC5A797F8DB'),
}

model CreateLoginProfileResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: CreateLoginProfileResponseBody(name='body'),
}

/**
 * @summary Enables logon to the console for a Resource Access Management (RAM) user.
 *
 * @param request CreateLoginProfileRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return CreateLoginProfileResponse
 */
async function createLoginProfileWithOptions(request: CreateLoginProfileRequest, runtime: Util.RuntimeOptions): CreateLoginProfileResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.MFABindRequired)) {
    query['MFABindRequired'] = request.MFABindRequired;
  }
  if (!Util.isUnset(request.password)) {
    query['Password'] = request.password;
  }
  if (!Util.isUnset(request.passwordResetRequired)) {
    query['PasswordResetRequired'] = request.passwordResetRequired;
  }
  if (!Util.isUnset(request.status)) {
    query['Status'] = request.status;
  }
  if (!Util.isUnset(request.userPrincipalName)) {
    query['UserPrincipalName'] = request.userPrincipalName;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'CreateLoginProfile',
    version = '2019-08-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if (Util.isUnset(@signatureVersion) || !Util.equalString(@signatureVersion, 'v4')) {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Enables logon to the console for a Resource Access Management (RAM) user.
 *
 * @param request CreateLoginProfileRequest
 * @return CreateLoginProfileResponse
 */
async function createLoginProfile(request: CreateLoginProfileRequest): CreateLoginProfileResponse {
  var runtime = new Util.RuntimeOptions{};
  return createLoginProfileWithOptions(request, runtime);
}

model CreateOIDCProviderRequest {
  clientIds?: string(name='ClientIds', description='The ID of the client, which is provided by the external IdP Okta. If you want to specify multiple client IDs, separate the client IDs with commas (,).

The client ID can contain letters, digits, and special characters and cannot start with the special characters. The special characters are `periods, (.), hyphens (-), underscores (_), colons (:), and forward slashes (/)`.``

The client ID can be up to 64 characters in length.', example='498469743454717****'),
  description?: string(name='Description', description='The description of the OIDC IdP.

The description can be up to 256 characters in length.', example='This is an OIDC Provider.'),
  fingerprints?: string(name='Fingerprints', description='The fingerprint of the HTTPS certificate, which is provided by the external IdP Okta. If you want to specify multiple fingerprints, separate the fingerprints with commas (,).

The fingerprint can contain letters and digits.

The fingerprint can be up to 40 characters in length.', example='902ef2deeb3c5b13ea4c3d5193629309e231****'),
  issuanceLimitTime?: long(name='IssuanceLimitTime', description='The earliest time when an external IdP can issue an ID token. If the value of the iat field in the ID token is later than the current time, the request is rejected. Unit: hours. Valid values: 1 to 168.', example='6'),
  issuerUrl?: string(name='IssuerUrl', description='The URL of the issuer, which is provided by the external IdP. The URL of the issuer must be unique within an Alibaba Cloud account.

The URL of the issuer must start with `https` and be in the valid URL format. The URL cannot contain query parameters that follow a question mark (`?`) or logon information that is identified by at signs (`@`). The URL cannot be a fragment URL that contains number signs (`#`).

The URL can be up to 255 characters in length.', example='https://dev-xxxxxx.okta.com'),
  OIDCProviderName?: string(name='OIDCProviderName', description='The name of the OIDC IdP.

The name can contain letters, digits, and special characters and cannot start or end with the special characters. The special characters are `periods, (.), hyphens (-), and underscores (_)`.``

The name can be up to 128 characters in length.', example='TestOIDCProvider'),
}

model CreateOIDCProviderResponseBody = {
  OIDCProvider?: {
    arn?: string(name='Arn', description='The Alibaba Cloud Resource Name (ARN) of the OIDC IdP.', example='acs:ram::177242285274****:oidc-provider/TestOIDCProvider'),
    clientIds?: string(name='ClientIds', description='The ID of the client.', example='498469743454717****'),
    createDate?: string(name='CreateDate', description='The time when the OIDC IdP was created. The time is displayed in UTC.', example='2021-11-11T06:56:03Z'),
    description?: string(name='Description', description='The description of the OIDC IdP.', example='This is an OIDC Provider.'),
    fingerprints?: string(name='Fingerprints', description='The fingerprint of the HTTPS certificate.', example='902ef2deeb3c5b13ea4c3d5193629309e231****'),
    gmtCreate?: string(name='GmtCreate', description='The timestamp when the OIDC IdP was created.', example='1636613763000'),
    gmtModified?: string(name='GmtModified', description='The timestamp when the OIDC IdP was modified.', example='1636613763000'),
    issuanceLimitTime?: long(name='IssuanceLimitTime', description='The earliest time when an external IdP can issue an ID token. If the value of the iat field in the ID token is later than the current time, the request is rejected. Unit: hours. Valid values: 1 to 168.', example='6'),
    issuerUrl?: string(name='IssuerUrl', description='The URL of the issuer.', example='https://dev-xxxxxx.okta.com'),
    OIDCProviderName?: string(name='OIDCProviderName', description='The name of the OIDC IdP.', example='TestOIDCProvider'),
    updateDate?: string(name='UpdateDate', description='The time when the OIDC IdP was modified. The time is displayed in UTC.', example='2021-11-11T06:56:03Z'),
  }(name='OIDCProvider', description='The information about the OIDC IdP.'),
  requestId?: string(name='RequestId', description='The request ID.', example='64B11B41-636D-51E3-A39B-C8703CD2218C'),
}

model CreateOIDCProviderResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: CreateOIDCProviderResponseBody(name='body'),
}

/**
 * @summary Creates an OpenID Connect (OIDC) identity provider (IdP) to configure a trust relationship between Alibaba Cloud and an external IdP. This topic provides an example on how to create an IdP named TestOIDCProvider to configure a trust relationship between the external IdP Okta and Alibaba Cloud.
 *
 * @description ### Prerequisites
 * Before you call this operation, make sure that the information such as the URL of the issuer, the fingerprints of HTTPS certificates, and the client IDs are obtained from an external (IdP, such as Google G Suite or Okta.
 * ### Limits
 * *   You can create a maximum of 100 OIDC IdPs in an Alibaba Cloud account.
 * *   You can add a maximum of 20 client IDs to an OIDC IdP.
 * *   You can add a maximum of five fingerprints to an OIDC IdP.
 * ###
 * This topic provides an example on how to create an IdP named `TestOIDCProvider` to configure a trust relationship between the external IdP and Alibaba Cloud.
 *
 * @param request CreateOIDCProviderRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return CreateOIDCProviderResponse
 */
async function createOIDCProviderWithOptions(request: CreateOIDCProviderRequest, runtime: Util.RuntimeOptions): CreateOIDCProviderResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.clientIds)) {
    query['ClientIds'] = request.clientIds;
  }
  if (!Util.isUnset(request.description)) {
    query['Description'] = request.description;
  }
  if (!Util.isUnset(request.fingerprints)) {
    query['Fingerprints'] = request.fingerprints;
  }
  if (!Util.isUnset(request.issuanceLimitTime)) {
    query['IssuanceLimitTime'] = request.issuanceLimitTime;
  }
  if (!Util.isUnset(request.issuerUrl)) {
    query['IssuerUrl'] = request.issuerUrl;
  }
  if (!Util.isUnset(request.OIDCProviderName)) {
    query['OIDCProviderName'] = request.OIDCProviderName;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'CreateOIDCProvider',
    version = '2019-08-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if (Util.isUnset(@signatureVersion) || !Util.equalString(@signatureVersion, 'v4')) {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Creates an OpenID Connect (OIDC) identity provider (IdP) to configure a trust relationship between Alibaba Cloud and an external IdP. This topic provides an example on how to create an IdP named TestOIDCProvider to configure a trust relationship between the external IdP Okta and Alibaba Cloud.
 *
 * @description ### Prerequisites
 * Before you call this operation, make sure that the information such as the URL of the issuer, the fingerprints of HTTPS certificates, and the client IDs are obtained from an external (IdP, such as Google G Suite or Okta.
 * ### Limits
 * *   You can create a maximum of 100 OIDC IdPs in an Alibaba Cloud account.
 * *   You can add a maximum of 20 client IDs to an OIDC IdP.
 * *   You can add a maximum of five fingerprints to an OIDC IdP.
 * ###
 * This topic provides an example on how to create an IdP named `TestOIDCProvider` to configure a trust relationship between the external IdP and Alibaba Cloud.
 *
 * @param request CreateOIDCProviderRequest
 * @return CreateOIDCProviderResponse
 */
async function createOIDCProvider(request: CreateOIDCProviderRequest): CreateOIDCProviderResponse {
  var runtime = new Util.RuntimeOptions{};
  return createOIDCProviderWithOptions(request, runtime);
}

model CreateSAMLProviderRequest {
  description?: string(name='Description', description='The description.', example='This is a provider.'),
  encodedSAMLMetadataDocument?: string(name='EncodedSAMLMetadataDocument', description='The metadata file which is Base64-encoded.

The file is provided by an IdP that supports Security Assertion Markup Language (SAML) 2.0.', example='PD94bWwgdmVy****'),
  SAMLProviderName?: string(name='SAMLProviderName', description='The name of the IdP.

The name can be up to 128 characters in length. The name can contain letters, digits, `periods (.), hyphens (-), and underscores (_)`. The name cannot start or end with `periods (.), hyphens (-), or underscores (_)`.

This parameter is required.', example='test-provider'),
}

model CreateSAMLProviderResponseBody = {
  requestId?: string(name='RequestId', description='The request ID.', example='A95A763D-F6B7-5242-83EB-AB45CE67F358'),
  SAMLProvider?: {
    arn?: string(name='Arn', description='The Alibaba Cloud Resource Name (ARN) of the IdP.', example='acs:ram::177242285274****:saml-provider/test-provider'),
    createDate?: string(name='CreateDate', description='The creation time. The time is displayed in UTC.', example='2020-10-22T02:37:05Z'),
    description?: string(name='Description', description='The description.', example='This is a provider.'),
    SAMLProviderName?: string(name='SAMLProviderName', description='The name of the IdP.', example='test-provider'),
    updateDate?: string(name='UpdateDate', description='The update time. The time is displayed in UTC.', example='2020-10-22T02:51:20Z'),
  }(name='SAMLProvider', description='The information about the IdP.'),
}

model CreateSAMLProviderResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: CreateSAMLProviderResponseBody(name='body'),
}

/**
 * @summary Creates an identity provider (IdP) for role-based single sign-on (SSO).
 *
 * @param request CreateSAMLProviderRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return CreateSAMLProviderResponse
 */
async function createSAMLProviderWithOptions(request: CreateSAMLProviderRequest, runtime: Util.RuntimeOptions): CreateSAMLProviderResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.description)) {
    query['Description'] = request.description;
  }
  if (!Util.isUnset(request.encodedSAMLMetadataDocument)) {
    query['EncodedSAMLMetadataDocument'] = request.encodedSAMLMetadataDocument;
  }
  if (!Util.isUnset(request.SAMLProviderName)) {
    query['SAMLProviderName'] = request.SAMLProviderName;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'CreateSAMLProvider',
    version = '2019-08-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if (Util.isUnset(@signatureVersion) || !Util.equalString(@signatureVersion, 'v4')) {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Creates an identity provider (IdP) for role-based single sign-on (SSO).
 *
 * @param request CreateSAMLProviderRequest
 * @return CreateSAMLProviderResponse
 */
async function createSAMLProvider(request: CreateSAMLProviderRequest): CreateSAMLProviderResponse {
  var runtime = new Util.RuntimeOptions{};
  return createSAMLProviderWithOptions(request, runtime);
}

model CreateUserRequest {
  comments?: string(name='Comments', description='The description.

The description must be 1 to 128 characters in length.', example='This is a cloud computing engineer.'),
  displayName?: string(name='DisplayName', description='The display name of the RAM user.

The name must be 1 to 24 characters in length.

This parameter is required.', example='test'),
  email?: string(name='Email', description='The email address of the RAM user.

> This parameter is valid only on the China site (aliyun.com).', example='alice@example.com'),
  mobilePhone?: string(name='MobilePhone', description='The mobile number of the RAM user.

Format: Country code-Mobile phone number.

> This parameter is valid only on the China site (aliyun.com).', example='86-1868888****'),
  tag?: [ 
    {
      key?: string(name='Key', description='The key of the tag.

The tag key cannot be an empty string. The tag key can be up to 128 characters in length and cannot start with `acs:` or `aliyun`. The tag key cannot contain `http://` or `https://`.', example='operator'),
      value?: string(name='Value', description='The value of the tag.

The tag value can be an empty string. The tag value can be up to 128 characters in length. The tag value cannot start with `acs:` or contain `http://` or `https://`.', example='alice'),
    }
  ](name='Tag', description='The tags. You can specify up to 20 tags.'),
  userPrincipalName?: string(name='UserPrincipalName', description='The logon name of the Resource Access Management (RAM) user.

The name is in the format of `<username>@<AccountAlias>.onaliyun.com`. `<username>` indicates the name of the RAM user. `<AccountAlias>.onaliyun.com` indicates the default domain name. For more information about how to query the default domain name, see [GetDefaultDomain](https://help.aliyun.com/document_detail/186720.html).

The value of `UserPrincipalName` must be `1 to 128` characters in length and can contain letters, digits, periods (.), hyphens (-), and underscores (_). The value of `<username>` must be `1 to 64` characters in length.

This parameter is required.', example='test@example.onaliyun.com'),
}

model CreateUserResponseBody = {
  requestId?: string(name='RequestId', description='The request ID.', example='2BB8C44A-2862-4922-AD43-03924749173B'),
  user?: {
    comments?: string(name='Comments', description='The description.', example='This is a cloud computing engineer.'),
    createDate?: string(name='CreateDate', description='The time when the RAM user was created.', example='2020-10-12T09:12:00Z'),
    displayName?: string(name='DisplayName', description='The display name of the RAM user.', example='test'),
    email?: string(name='Email', description='The email address of the RAM user.

> This parameter is valid only on the China site (aliyun.com).', example='alice@example.com'),
    lastLoginDate?: string(name='LastLoginDate', description='The last time when the RAM user logged on to the Alibaba Cloud Management Console.', example='2020-10-12T09:12:00Z'),
    mobilePhone?: string(name='MobilePhone', description='The mobile phone number of the RAM user.

> This parameter is valid only on the China site (aliyun.com).', example='86-1868888****'),
    provisionType?: string(name='ProvisionType', description='The source of the RAM user. Valid values:

*   Manual: The RAM user is manually created in the RAM console.
*   SCIM: The RAM user is mapped by using System for Cross-domain Identity Management (SCIM).
*   CloudSSO: The RAM user is mapped from a CloudSSO user.', example='Manual'),
    tags?: {
      tag?: [ 
      {
        tagKey?: string(name='TagKey', description='The tag key.', example='operator'),
        tagValue?: string(name='TagValue', description='The tag value.', example='alice'),
      }
    ](name='Tag')
    }(name='Tags', description='The tag value.'),
    updateDate?: string(name='UpdateDate', description='The time when the information about the RAM user was updated.', example='2020-10-12T09:12:00Z'),
    userId?: string(name='UserId', description='The ID of the RAM user.', example='20732900249392****'),
    userPrincipalName?: string(name='UserPrincipalName', description='The logon name of the RAM user.', example='test@example.onaliyun.com'),
  }(name='User', description='The information about the RAM user.'),
}

model CreateUserResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: CreateUserResponseBody(name='body'),
}

/**
 * @summary Creates a RAM user.
 *
 * @description This topic provides an example on how to create a RAM user named `test`.
 *
 * @param request CreateUserRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return CreateUserResponse
 */
async function createUserWithOptions(request: CreateUserRequest, runtime: Util.RuntimeOptions): CreateUserResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.comments)) {
    query['Comments'] = request.comments;
  }
  if (!Util.isUnset(request.displayName)) {
    query['DisplayName'] = request.displayName;
  }
  if (!Util.isUnset(request.email)) {
    query['Email'] = request.email;
  }
  if (!Util.isUnset(request.mobilePhone)) {
    query['MobilePhone'] = request.mobilePhone;
  }
  if (!Util.isUnset(request.tag)) {
    query['Tag'] = request.tag;
  }
  if (!Util.isUnset(request.userPrincipalName)) {
    query['UserPrincipalName'] = request.userPrincipalName;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'CreateUser',
    version = '2019-08-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if (Util.isUnset(@signatureVersion) || !Util.equalString(@signatureVersion, 'v4')) {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Creates a RAM user.
 *
 * @description This topic provides an example on how to create a RAM user named `test`.
 *
 * @param request CreateUserRequest
 * @return CreateUserResponse
 */
async function createUser(request: CreateUserRequest): CreateUserResponse {
  var runtime = new Util.RuntimeOptions{};
  return createUserWithOptions(request, runtime);
}

model CreateVirtualMFADeviceRequest {
  virtualMFADeviceName?: string(name='VirtualMFADeviceName', description='The name of the MFA device.

The name must be 1 to 64 characters in length and can contain letters, digits, and hyphens (-).

This parameter is required.', example='device001'),
}

model CreateVirtualMFADeviceResponseBody = {
  requestId?: string(name='RequestId', description='The request ID.', example='C609CC97-10FE-43EB-BE32-BDC219D8F1E4'),
  virtualMFADevice?: {
    base32StringSeed?: string(name='Base32StringSeed', description='The key of the MFA device.', example='LD3CJ23Z2VGEX6R7ZTQCOA4XL2KODS5PKH7442NLKYX2PVHSHYB7UT3TS5HA****'),
    QRCodePNG?: string(name='QRCodePNG', description='The Base64-encoded QR code of the key.', example='YXNkZmFzZDlmeW5hc2Q5OGZoODd4bXJmcThhaGU5aSBmYXNkZiBzYWRmIGFGIDRxd2VjIGEgdHEz****'),
    serialNumber?: string(name='SerialNumber', description='The serial number of the MFA device.', example='acs:ram::177242285274****:mfa/device001'),
  }(name='VirtualMFADevice', description='The information about the MFA device.'),
}

model CreateVirtualMFADeviceResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: CreateVirtualMFADeviceResponseBody(name='body'),
}

/**
 * @summary Creates a virtual multi-factor authentication (MFA) device.
 *
 * @param request CreateVirtualMFADeviceRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return CreateVirtualMFADeviceResponse
 */
async function createVirtualMFADeviceWithOptions(request: CreateVirtualMFADeviceRequest, runtime: Util.RuntimeOptions): CreateVirtualMFADeviceResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.virtualMFADeviceName)) {
    query['VirtualMFADeviceName'] = request.virtualMFADeviceName;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'CreateVirtualMFADevice',
    version = '2019-08-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if (Util.isUnset(@signatureVersion) || !Util.equalString(@signatureVersion, 'v4')) {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Creates a virtual multi-factor authentication (MFA) device.
 *
 * @param request CreateVirtualMFADeviceRequest
 * @return CreateVirtualMFADeviceResponse
 */
async function createVirtualMFADevice(request: CreateVirtualMFADeviceRequest): CreateVirtualMFADeviceResponse {
  var runtime = new Util.RuntimeOptions{};
  return createVirtualMFADeviceWithOptions(request, runtime);
}

model DeleteAccessKeyRequest {
  userAccessKeyId?: string(name='UserAccessKeyId', description='The ID of the AccessKey pair that you want to delete.

This parameter is required.', example='LTAI4GFTgcR8m8cZQDTH****'),
  userPrincipalName?: string(name='UserPrincipalName', description='The logon name of the RAM user.

If this parameter is empty, the AccessKey pair of the current user is deleted.', example='test@example.onaliyun.com'),
}

model DeleteAccessKeyResponseBody = {
  requestId?: string(name='RequestId', description='The request ID.', example='B9AF80E4-1565-42D9-9256-0B8B0D9FD3EC'),
}

model DeleteAccessKeyResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: DeleteAccessKeyResponseBody(name='body'),
}

/**
 * @summary Deletes an AccessKey pair for an Alibaba Cloud account or a Resource Access Management (RAM) user.
 *
 * @param request DeleteAccessKeyRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return DeleteAccessKeyResponse
 */
async function deleteAccessKeyWithOptions(request: DeleteAccessKeyRequest, runtime: Util.RuntimeOptions): DeleteAccessKeyResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.userAccessKeyId)) {
    query['UserAccessKeyId'] = request.userAccessKeyId;
  }
  if (!Util.isUnset(request.userPrincipalName)) {
    query['UserPrincipalName'] = request.userPrincipalName;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'DeleteAccessKey',
    version = '2019-08-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if (Util.isUnset(@signatureVersion) || !Util.equalString(@signatureVersion, 'v4')) {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Deletes an AccessKey pair for an Alibaba Cloud account or a Resource Access Management (RAM) user.
 *
 * @param request DeleteAccessKeyRequest
 * @return DeleteAccessKeyResponse
 */
async function deleteAccessKey(request: DeleteAccessKeyRequest): DeleteAccessKeyResponse {
  var runtime = new Util.RuntimeOptions{};
  return deleteAccessKeyWithOptions(request, runtime);
}

model DeleteAccessKeyInRecycleBinRequest {
  userAccessKeyId?: string(name='UserAccessKeyId', description='The AccessKey ID of the RAM user.', example='LTAI4GFTgcR8m8cZQDTH****'),
  userId?: string(name='UserId', description='The ID of the RAM user.

> - If you use an Alibaba Cloud account to call the operation, you must specify the parameter.
> - If you use a RAM user to call the operation, you can leave the parameter empty. In this case, the ID of the RAM user is used by default.', example='20732900249392****'),
}

model DeleteAccessKeyInRecycleBinResponseBody = {
  requestId?: string(name='RequestId', description='The request ID.', example='4507D1CD-526A-4E2B-A1E2-3AB045D1EE0B'),
}

model DeleteAccessKeyInRecycleBinResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: DeleteAccessKeyInRecycleBinResponseBody(name='body'),
}

/**
 * @summary Deletes a specific AccessKey pair that belongs to a Resource Access Management (RAM) user from the recycle bin.
 *
 * @param request DeleteAccessKeyInRecycleBinRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return DeleteAccessKeyInRecycleBinResponse
 */
async function deleteAccessKeyInRecycleBinWithOptions(request: DeleteAccessKeyInRecycleBinRequest, runtime: Util.RuntimeOptions): DeleteAccessKeyInRecycleBinResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.userAccessKeyId)) {
    query['UserAccessKeyId'] = request.userAccessKeyId;
  }
  if (!Util.isUnset(request.userId)) {
    query['UserId'] = request.userId;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'DeleteAccessKeyInRecycleBin',
    version = '2019-08-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if (Util.isUnset(@signatureVersion) || !Util.equalString(@signatureVersion, 'v4')) {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Deletes a specific AccessKey pair that belongs to a Resource Access Management (RAM) user from the recycle bin.
 *
 * @param request DeleteAccessKeyInRecycleBinRequest
 * @return DeleteAccessKeyInRecycleBinResponse
 */
async function deleteAccessKeyInRecycleBin(request: DeleteAccessKeyInRecycleBinRequest): DeleteAccessKeyInRecycleBinResponse {
  var runtime = new Util.RuntimeOptions{};
  return deleteAccessKeyInRecycleBinWithOptions(request, runtime);
}

model DeleteAppSecretRequest {
  appId?: string(name='AppId', description='The ID of the application.

This parameter is required.', example='472457090344041****'),
  appSecretId?: string(name='AppSecretId', description='The ID of the application secret.

This parameter is required.', example='2efd5004-005c-4f05-83c6-5b1dd176****'),
}

model DeleteAppSecretResponseBody = {
  requestId?: string(name='RequestId', description='The request ID.', example='85836703-8D4F-485F-9726-4D1C730F957E'),
}

model DeleteAppSecretResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: DeleteAppSecretResponseBody(name='body'),
}

/**
 * @summary Deletes the application secret of an application.
 *
 * @param request DeleteAppSecretRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return DeleteAppSecretResponse
 */
async function deleteAppSecretWithOptions(request: DeleteAppSecretRequest, runtime: Util.RuntimeOptions): DeleteAppSecretResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.appId)) {
    query['AppId'] = request.appId;
  }
  if (!Util.isUnset(request.appSecretId)) {
    query['AppSecretId'] = request.appSecretId;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'DeleteAppSecret',
    version = '2019-08-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if (Util.isUnset(@signatureVersion) || !Util.equalString(@signatureVersion, 'v4')) {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Deletes the application secret of an application.
 *
 * @param request DeleteAppSecretRequest
 * @return DeleteAppSecretResponse
 */
async function deleteAppSecret(request: DeleteAppSecretRequest): DeleteAppSecretResponse {
  var runtime = new Util.RuntimeOptions{};
  return deleteAppSecretWithOptions(request, runtime);
}

model DeleteApplicationRequest {
  appId?: string(name='AppId', description='The ID of the application.

This parameter is required.', example='472457090344041****'),
}

model DeleteApplicationResponseBody = {
  requestId?: string(name='RequestId', description='The request ID.', example='85836703-8D4F-485F-9726-4D1C730F957E'),
}

model DeleteApplicationResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: DeleteApplicationResponseBody(name='body'),
}

/**
 * @summary Deletes an application.
 *
 * @param request DeleteApplicationRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return DeleteApplicationResponse
 */
async function deleteApplicationWithOptions(request: DeleteApplicationRequest, runtime: Util.RuntimeOptions): DeleteApplicationResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.appId)) {
    query['AppId'] = request.appId;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'DeleteApplication',
    version = '2019-08-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if (Util.isUnset(@signatureVersion) || !Util.equalString(@signatureVersion, 'v4')) {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Deletes an application.
 *
 * @param request DeleteApplicationRequest
 * @return DeleteApplicationResponse
 */
async function deleteApplication(request: DeleteApplicationRequest): DeleteApplicationResponse {
  var runtime = new Util.RuntimeOptions{};
  return deleteApplicationWithOptions(request, runtime);
}

model DeleteGroupRequest {
  groupName?: string(name='GroupName', description='The name of the RAM user group.', example='Dev-Team'),
}

model DeleteGroupResponseBody = {
  requestId?: string(name='RequestId', description='The request ID.', example='85836703-8D4F-485F-9726-4D1C730F957E'),
}

model DeleteGroupResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: DeleteGroupResponseBody(name='body'),
}

/**
 * @summary Deletes a Resource Access Management (RAM) user group.
 *
 * @description Before you delete a RAM user group, make sure that no policies are attached to the group and no RAM users are included in the group.
 *
 * @param request DeleteGroupRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return DeleteGroupResponse
 */
async function deleteGroupWithOptions(request: DeleteGroupRequest, runtime: Util.RuntimeOptions): DeleteGroupResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.groupName)) {
    query['GroupName'] = request.groupName;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'DeleteGroup',
    version = '2019-08-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if (Util.isUnset(@signatureVersion) || !Util.equalString(@signatureVersion, 'v4')) {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Deletes a Resource Access Management (RAM) user group.
 *
 * @description Before you delete a RAM user group, make sure that no policies are attached to the group and no RAM users are included in the group.
 *
 * @param request DeleteGroupRequest
 * @return DeleteGroupResponse
 */
async function deleteGroup(request: DeleteGroupRequest): DeleteGroupResponse {
  var runtime = new Util.RuntimeOptions{};
  return deleteGroupWithOptions(request, runtime);
}

model DeleteLoginProfileRequest {
  userPrincipalName?: string(name='UserPrincipalName', description='The logon name of the RAM user.

This parameter is required.', example='test@example.onaliyun.com'),
}

model DeleteLoginProfileResponseBody = {
  requestId?: string(name='RequestId', description='The request ID.', example='B9AF80E4-1565-42D9-9256-0B8B0D9FD3EC'),
}

model DeleteLoginProfileResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: DeleteLoginProfileResponseBody(name='body'),
}

/**
 * @summary Disables logon to the console for a Resource Access Management (RAM) user.
 *
 * @param request DeleteLoginProfileRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return DeleteLoginProfileResponse
 */
async function deleteLoginProfileWithOptions(request: DeleteLoginProfileRequest, runtime: Util.RuntimeOptions): DeleteLoginProfileResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.userPrincipalName)) {
    query['UserPrincipalName'] = request.userPrincipalName;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'DeleteLoginProfile',
    version = '2019-08-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if (Util.isUnset(@signatureVersion) || !Util.equalString(@signatureVersion, 'v4')) {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Disables logon to the console for a Resource Access Management (RAM) user.
 *
 * @param request DeleteLoginProfileRequest
 * @return DeleteLoginProfileResponse
 */
async function deleteLoginProfile(request: DeleteLoginProfileRequest): DeleteLoginProfileResponse {
  var runtime = new Util.RuntimeOptions{};
  return deleteLoginProfileWithOptions(request, runtime);
}

model DeleteOIDCProviderRequest {
  OIDCProviderName?: string(name='OIDCProviderName', description='The name of the OIDC IdP.', example='TestOIDCProvider'),
}

model DeleteOIDCProviderResponseBody = {
  requestId?: string(name='RequestId', description='The request ID.', example='85836703-8D4F-485F-9726-4D1C730F957E'),
}

model DeleteOIDCProviderResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: DeleteOIDCProviderResponseBody(name='body'),
}

/**
 * @summary Deletes an OpenID Connect (OIDC) identity provider (IdP).
 *
 * @description ###
 * This topic provides an example on how to remove the OIDC IdP named `TestOIDCProvider`.
 *
 * @param request DeleteOIDCProviderRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return DeleteOIDCProviderResponse
 */
async function deleteOIDCProviderWithOptions(request: DeleteOIDCProviderRequest, runtime: Util.RuntimeOptions): DeleteOIDCProviderResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.OIDCProviderName)) {
    query['OIDCProviderName'] = request.OIDCProviderName;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'DeleteOIDCProvider',
    version = '2019-08-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if (Util.isUnset(@signatureVersion) || !Util.equalString(@signatureVersion, 'v4')) {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Deletes an OpenID Connect (OIDC) identity provider (IdP).
 *
 * @description ###
 * This topic provides an example on how to remove the OIDC IdP named `TestOIDCProvider`.
 *
 * @param request DeleteOIDCProviderRequest
 * @return DeleteOIDCProviderResponse
 */
async function deleteOIDCProvider(request: DeleteOIDCProviderRequest): DeleteOIDCProviderResponse {
  var runtime = new Util.RuntimeOptions{};
  return deleteOIDCProviderWithOptions(request, runtime);
}

model DeletePasskeyRequest {
  passkeyId?: string(name='PasskeyId', description='The ID of the passkey.', example='PASSKEY-CuZjEHhWcr7GIQOMGvkS'),
  userPrincipalName?: string(name='UserPrincipalName', description='The logon name of the RAM user.', example='test@example.onaliyun.com'),
}

model DeletePasskeyResponseBody = {
  requestId?: string(name='RequestId', description='The request ID.', example='8A1673AA-5DB3-5AFB-8758-AF9EC2889259'),
}

model DeletePasskeyResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: DeletePasskeyResponseBody(name='body'),
}

/**
 * @summary Deletes a passkey for a Resource Access Management (RAM) user.
 *
 * @param request DeletePasskeyRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return DeletePasskeyResponse
 */
async function deletePasskeyWithOptions(request: DeletePasskeyRequest, runtime: Util.RuntimeOptions): DeletePasskeyResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.passkeyId)) {
    query['PasskeyId'] = request.passkeyId;
  }
  if (!Util.isUnset(request.userPrincipalName)) {
    query['UserPrincipalName'] = request.userPrincipalName;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'DeletePasskey',
    version = '2019-08-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if (Util.isUnset(@signatureVersion) || !Util.equalString(@signatureVersion, 'v4')) {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Deletes a passkey for a Resource Access Management (RAM) user.
 *
 * @param request DeletePasskeyRequest
 * @return DeletePasskeyResponse
 */
async function deletePasskey(request: DeletePasskeyRequest): DeletePasskeyResponse {
  var runtime = new Util.RuntimeOptions{};
  return deletePasskeyWithOptions(request, runtime);
}

model DeleteSAMLProviderRequest {
  SAMLProviderName?: string(name='SAMLProviderName', description='The name of the IdP that you want to delete.

This parameter is required.', example='test-provider'),
}

model DeleteSAMLProviderResponseBody = {
  requestId?: string(name='RequestId', description='The request ID.', example='85836703-8D4F-485F-9726-4D1C730F957E'),
}

model DeleteSAMLProviderResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: DeleteSAMLProviderResponseBody(name='body'),
}

/**
 * @summary Deletes an identity provider (IdP) for role-based single sign-on (SSO).
 *
 * @param request DeleteSAMLProviderRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return DeleteSAMLProviderResponse
 */
async function deleteSAMLProviderWithOptions(request: DeleteSAMLProviderRequest, runtime: Util.RuntimeOptions): DeleteSAMLProviderResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.SAMLProviderName)) {
    query['SAMLProviderName'] = request.SAMLProviderName;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'DeleteSAMLProvider',
    version = '2019-08-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if (Util.isUnset(@signatureVersion) || !Util.equalString(@signatureVersion, 'v4')) {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Deletes an identity provider (IdP) for role-based single sign-on (SSO).
 *
 * @param request DeleteSAMLProviderRequest
 * @return DeleteSAMLProviderResponse
 */
async function deleteSAMLProvider(request: DeleteSAMLProviderRequest): DeleteSAMLProviderResponse {
  var runtime = new Util.RuntimeOptions{};
  return deleteSAMLProviderWithOptions(request, runtime);
}

model DeleteUserRequest {
  userId?: string(name='UserId', description='The ID of the RAM user.

>  You must specify only one of the following parameters: `UserPrincipalName` and `UserId`.', example='20732900249392****'),
  userPrincipalName?: string(name='UserPrincipalName', description='The logon name of the RAM user.

>  You must specify only one of the following parameters: `UserPrincipalName` and `UserId`.', example='test@example.onaliyun.com'),
}

model DeleteUserResponseBody = {
  requestId?: string(name='RequestId', description='The request ID.', example='85836703-8D4F-485F-9726-4D1C730F957E'),
}

model DeleteUserResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: DeleteUserResponseBody(name='body'),
}

/**
 * @summary Deletes a Resource Access Management (RAM) user.
 *
 * @param request DeleteUserRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return DeleteUserResponse
 */
async function deleteUserWithOptions(request: DeleteUserRequest, runtime: Util.RuntimeOptions): DeleteUserResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.userId)) {
    query['UserId'] = request.userId;
  }
  if (!Util.isUnset(request.userPrincipalName)) {
    query['UserPrincipalName'] = request.userPrincipalName;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'DeleteUser',
    version = '2019-08-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if (Util.isUnset(@signatureVersion) || !Util.equalString(@signatureVersion, 'v4')) {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Deletes a Resource Access Management (RAM) user.
 *
 * @param request DeleteUserRequest
 * @return DeleteUserResponse
 */
async function deleteUser(request: DeleteUserRequest): DeleteUserResponse {
  var runtime = new Util.RuntimeOptions{};
  return deleteUserWithOptions(request, runtime);
}

model DeleteUserInRecycleBinRequest {
  userId?: string(name='UserId', description='The ID of the RAM user.', example='20732900249392****'),
}

model DeleteUserInRecycleBinResponseBody = {
  requestId?: string(name='RequestId', description='The request ID.', example='4507D1CD-526A-4E2B-A1E2-3AB045D1EE0B'),
}

model DeleteUserInRecycleBinResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: DeleteUserInRecycleBinResponseBody(name='body'),
}

/**
 * @summary Deletes a specific Resource Access Management (RAM) user from the recycle bin.
 *
 * @param request DeleteUserInRecycleBinRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return DeleteUserInRecycleBinResponse
 */
async function deleteUserInRecycleBinWithOptions(request: DeleteUserInRecycleBinRequest, runtime: Util.RuntimeOptions): DeleteUserInRecycleBinResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.userId)) {
    query['UserId'] = request.userId;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'DeleteUserInRecycleBin',
    version = '2019-08-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if (Util.isUnset(@signatureVersion) || !Util.equalString(@signatureVersion, 'v4')) {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Deletes a specific Resource Access Management (RAM) user from the recycle bin.
 *
 * @param request DeleteUserInRecycleBinRequest
 * @return DeleteUserInRecycleBinResponse
 */
async function deleteUserInRecycleBin(request: DeleteUserInRecycleBinRequest): DeleteUserInRecycleBinResponse {
  var runtime = new Util.RuntimeOptions{};
  return deleteUserInRecycleBinWithOptions(request, runtime);
}

model DeleteVirtualMFADeviceRequest {
  serialNumber?: string(name='SerialNumber', description='The serial number of the MFA device.

This parameter is required.', example='acs:ram::123456789012****:mfa/device002'),
}

model DeleteVirtualMFADeviceResponseBody = {
  requestId?: string(name='RequestId', description='The request ID.', example='04F0F334-1335-436C-A1D7-6C044FE73368'),
}

model DeleteVirtualMFADeviceResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: DeleteVirtualMFADeviceResponseBody(name='body'),
}

/**
 * @summary Deletes a multi-factor authentication (MFA) device.
 *
 * @param request DeleteVirtualMFADeviceRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return DeleteVirtualMFADeviceResponse
 */
async function deleteVirtualMFADeviceWithOptions(request: DeleteVirtualMFADeviceRequest, runtime: Util.RuntimeOptions): DeleteVirtualMFADeviceResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.serialNumber)) {
    query['SerialNumber'] = request.serialNumber;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'DeleteVirtualMFADevice',
    version = '2019-08-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if (Util.isUnset(@signatureVersion) || !Util.equalString(@signatureVersion, 'v4')) {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Deletes a multi-factor authentication (MFA) device.
 *
 * @param request DeleteVirtualMFADeviceRequest
 * @return DeleteVirtualMFADeviceResponse
 */
async function deleteVirtualMFADevice(request: DeleteVirtualMFADeviceRequest): DeleteVirtualMFADeviceResponse {
  var runtime = new Util.RuntimeOptions{};
  return deleteVirtualMFADeviceWithOptions(request, runtime);
}

model DeprovisionApplicationRequest {
  appId?: string(name='AppId', description='The ID of the application.

This parameter is required.', example='452392483381546****'),
}

model DeprovisionApplicationResponseBody = {
  requestId?: string(name='RequestId', description='The request ID.', example='85836703-8D4F-485F-9726-4D1C730F957E'),
}

model DeprovisionApplicationResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: DeprovisionApplicationResponseBody(name='body'),
}

/**
 * @summary Uninstalls an external application or an internal application of the ServerApp type.
 *
 * @description If you want to call this operation to uninstall an internal application, the type of the internal application must be **ServerApp**. Otherwise, an error occurs when you call this operation.
 * >  For **internal applications**, only internal applications of the ServerApp type need to be **installed or provisioned**. Therefore, only internal applications of the ServerApp type **can be uninstalled**. Internal applications of the WebApp and NativeApp types **do not need to and cannot be uninstalled**.
 *
 * @param request DeprovisionApplicationRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return DeprovisionApplicationResponse
 */
async function deprovisionApplicationWithOptions(request: DeprovisionApplicationRequest, runtime: Util.RuntimeOptions): DeprovisionApplicationResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.appId)) {
    query['AppId'] = request.appId;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'DeprovisionApplication',
    version = '2019-08-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if (Util.isUnset(@signatureVersion) || !Util.equalString(@signatureVersion, 'v4')) {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Uninstalls an external application or an internal application of the ServerApp type.
 *
 * @description If you want to call this operation to uninstall an internal application, the type of the internal application must be **ServerApp**. Otherwise, an error occurs when you call this operation.
 * >  For **internal applications**, only internal applications of the ServerApp type need to be **installed or provisioned**. Therefore, only internal applications of the ServerApp type **can be uninstalled**. Internal applications of the WebApp and NativeApp types **do not need to and cannot be uninstalled**.
 *
 * @param request DeprovisionApplicationRequest
 * @return DeprovisionApplicationResponse
 */
async function deprovisionApplication(request: DeprovisionApplicationRequest): DeprovisionApplicationResponse {
  var runtime = new Util.RuntimeOptions{};
  return deprovisionApplicationWithOptions(request, runtime);
}

model DeprovisionExternalApplicationRequest {
  appId?: string(name='AppId', description='The ID of the application.

This parameter is required.', example='417273362044613****'),
}

model DeprovisionExternalApplicationResponseBody = {
  requestId?: string(name='RequestId', description='The request ID.', example='4507D1CD-526A-4E2B-A1C2-3AB045D1AE0B'),
}

model DeprovisionExternalApplicationResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: DeprovisionExternalApplicationResponseBody(name='body'),
}

/**
 * @summary Deletes an installed external application.
 *
 * @param request DeprovisionExternalApplicationRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return DeprovisionExternalApplicationResponse
 */
async function deprovisionExternalApplicationWithOptions(request: DeprovisionExternalApplicationRequest, runtime: Util.RuntimeOptions): DeprovisionExternalApplicationResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.appId)) {
    query['AppId'] = request.appId;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'DeprovisionExternalApplication',
    version = '2019-08-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if (Util.isUnset(@signatureVersion) || !Util.equalString(@signatureVersion, 'v4')) {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Deletes an installed external application.
 *
 * @param request DeprovisionExternalApplicationRequest
 * @return DeprovisionExternalApplicationResponse
 */
async function deprovisionExternalApplication(request: DeprovisionExternalApplicationRequest): DeprovisionExternalApplicationResponse {
  var runtime = new Util.RuntimeOptions{};
  return deprovisionExternalApplicationWithOptions(request, runtime);
}

model DisableVirtualMFARequest {
  userPrincipalName?: string(name='UserPrincipalName', description='The logon name of the RAM user.

This parameter is required.', example='test@example.onaliyun.com'),
}

model DisableVirtualMFAResponseBody = {
  requestId?: string(name='RequestId', description='The request ID.', example='B9AF80E4-1565-42D9-9256-0B8B0D9FD3EC'),
}

model DisableVirtualMFAResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: DisableVirtualMFAResponseBody(name='body'),
}

/**
 * @summary Unbinds and deletes a multi-factor authentication (MFA) device from a Resource Access Management (RAM) user.
 *
 * @param request DisableVirtualMFARequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return DisableVirtualMFAResponse
 */
async function disableVirtualMFAWithOptions(request: DisableVirtualMFARequest, runtime: Util.RuntimeOptions): DisableVirtualMFAResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.userPrincipalName)) {
    query['UserPrincipalName'] = request.userPrincipalName;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'DisableVirtualMFA',
    version = '2019-08-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if (Util.isUnset(@signatureVersion) || !Util.equalString(@signatureVersion, 'v4')) {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Unbinds and deletes a multi-factor authentication (MFA) device from a Resource Access Management (RAM) user.
 *
 * @param request DisableVirtualMFARequest
 * @return DisableVirtualMFAResponse
 */
async function disableVirtualMFA(request: DisableVirtualMFARequest): DisableVirtualMFAResponse {
  var runtime = new Util.RuntimeOptions{};
  return disableVirtualMFAWithOptions(request, runtime);
}

model GenerateCredentialReportResponseBody = {
  requestId?: string(name='RequestId', description='The request ID.', example='BBCCA90A-A1F0-4B16-B355-692247197805'),
  state?: string(name='State', description='The generation status of the user credential report. Valid values:

*   STARTED: The system starts to generate the user credential report.
*   INPROGRESS: The user credential report is being generated.
*   COMPLETED: The user credential report is generated.', example='STARTED'),
}

model GenerateCredentialReportResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: GenerateCredentialReportResponseBody(name='body'),
}

/**
 * @summary Generates the user credential report of an Alibaba Cloud account.
 *
 * @param request GenerateCredentialReportRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return GenerateCredentialReportResponse
 */
async function generateCredentialReportWithOptions(runtime: Util.RuntimeOptions): GenerateCredentialReportResponse {
  var req = new OpenApi.OpenApiRequest{};
  var params = new OpenApi.Params{
    action = 'GenerateCredentialReport',
    version = '2019-08-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if (Util.isUnset(@signatureVersion) || !Util.equalString(@signatureVersion, 'v4')) {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Generates the user credential report of an Alibaba Cloud account.
 *
 * @return GenerateCredentialReportResponse
 */
async function generateCredentialReport(): GenerateCredentialReportResponse {
  var runtime = new Util.RuntimeOptions{};
  return generateCredentialReportWithOptions(runtime);
}

model GenerateGovernanceReportResponseBody = {
  requestId?: string(name='RequestId', description='The request ID.', example='492E130C-76D3-55D5-BE5C-C023E431369A'),
  state?: string(name='State', description='The report generation status. Valid values:

*   Started: The system starts to generate a governance report.
*   Progressing: The system is generating a governance report.
*   Completed: A governance report is generated.', example='Started'),
}

model GenerateGovernanceReportResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: GenerateGovernanceReportResponseBody(name='body'),
}

/**
 * @summary Generates a check report for Cloud Governance.
 *
 * @param request GenerateGovernanceReportRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return GenerateGovernanceReportResponse
 */
async function generateGovernanceReportWithOptions(runtime: Util.RuntimeOptions): GenerateGovernanceReportResponse {
  var req = new OpenApi.OpenApiRequest{};
  var params = new OpenApi.Params{
    action = 'GenerateGovernanceReport',
    version = '2019-08-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if (Util.isUnset(@signatureVersion) || !Util.equalString(@signatureVersion, 'v4')) {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Generates a check report for Cloud Governance.
 *
 * @return GenerateGovernanceReportResponse
 */
async function generateGovernanceReport(): GenerateGovernanceReportResponse {
  var runtime = new Util.RuntimeOptions{};
  return generateGovernanceReportWithOptions(runtime);
}

model GetAccessKeyInfoInRecycleBinRequest {
  userAccessKeyId?: string(name='UserAccessKeyId', description='The AccessKey ID of the Resource Access Management (RAM) user.

This parameter is required.', example='LTAI4GFTgcR8m8cZQDTH****'),
}

model GetAccessKeyInfoInRecycleBinResponseBody = {
  accessKey?: {
    accessKeyId?: string(name='AccessKeyId', description='The AccessKey ID.', example='LTAI4GFTgcR8m8cZQDTH****'),
    createDate?: string(name='CreateDate', description='The time when the AccessKey pair was created.', example='2020-10-12T09:12:00Z'),
    deleteDate?: string(name='DeleteDate', description='The time when the AccessKey pair will be permanently deleted from the recycle bin.', example='2020-11-12T10:12:00Z'),
    recycleDate?: string(name='RecycleDate', description='The time when the AccessKey pair was deleted and moved to the recycle bin.', example='2020-10-12T10:12:00Z'),
    userId?: string(name='UserId', description='The ID of the RAM user.', example='20732900249392****'),
    userPrincipalName?: string(name='UserPrincipalName', description='The logon name of the RAM user.', example='test@example.onaliyun.com'),
    userRecycled?: boolean(name='UserRecycled', description='Indicates whether the RAM user to which the AccessKey pair belongs is in the recycle bin. Valid values:

*   true
*   false', example='true'),
  }(name='AccessKey', description='The information about the AccessKey pair.'),
  requestId?: string(name='RequestId', description='The request ID.', example='4507D1CD-526A-4E2B-A1E2-3AB045D1EE0B'),
}

model GetAccessKeyInfoInRecycleBinResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: GetAccessKeyInfoInRecycleBinResponseBody(name='body'),
}

/**
 * @summary Queries information about a specific AccessKey pair of a Resource Access Management (RAM) user in the recycle bin.
 *
 * @param request GetAccessKeyInfoInRecycleBinRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return GetAccessKeyInfoInRecycleBinResponse
 */
async function getAccessKeyInfoInRecycleBinWithOptions(request: GetAccessKeyInfoInRecycleBinRequest, runtime: Util.RuntimeOptions): GetAccessKeyInfoInRecycleBinResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.userAccessKeyId)) {
    query['UserAccessKeyId'] = request.userAccessKeyId;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'GetAccessKeyInfoInRecycleBin',
    version = '2019-08-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if (Util.isUnset(@signatureVersion) || !Util.equalString(@signatureVersion, 'v4')) {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Queries information about a specific AccessKey pair of a Resource Access Management (RAM) user in the recycle bin.
 *
 * @param request GetAccessKeyInfoInRecycleBinRequest
 * @return GetAccessKeyInfoInRecycleBinResponse
 */
async function getAccessKeyInfoInRecycleBin(request: GetAccessKeyInfoInRecycleBinRequest): GetAccessKeyInfoInRecycleBinResponse {
  var runtime = new Util.RuntimeOptions{};
  return getAccessKeyInfoInRecycleBinWithOptions(request, runtime);
}

model GetAccessKeyLastUsedRequest {
  userAccessKeyId?: string(name='UserAccessKeyId', description='The ID of the AccessKey pair that you want to query.

This parameter is required.', example='LTAI4GFTgcR8m8cZQDTH****'),
  userPrincipalName?: string(name='UserPrincipalName', description='The logon name of the RAM user.

If you do not specify this parameter, the AccessKey pair of the current user is queried.', example='test@example.onaliyun.com'),
}

model GetAccessKeyLastUsedResponseBody = {
  accessKeyLastUsed?: {
    lastUsedDate?: string(name='LastUsedDate', description='The time when the AccessKey pair was used for the last time.', example='2020-10-16T01:37:37Z'),
    serviceName?: string(name='ServiceName', description='The Alibaba Cloud service that was last accessed by using the AccessKey pair.', example='Ram'),
  }(name='AccessKeyLastUsed', description='The details of the time when the AccessKey pair was used for the last time.'),
  requestId?: string(name='RequestId', description='The request ID.', example='B29C79F6-354B-4297-A994-1338CC22A2EC'),
}

model GetAccessKeyLastUsedResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: GetAccessKeyLastUsedResponseBody(name='body'),
}

/**
 * @summary Queries the time when an AccessKey pair was used for the last time.
 *
 * @param request GetAccessKeyLastUsedRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return GetAccessKeyLastUsedResponse
 */
async function getAccessKeyLastUsedWithOptions(request: GetAccessKeyLastUsedRequest, runtime: Util.RuntimeOptions): GetAccessKeyLastUsedResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.userAccessKeyId)) {
    query['UserAccessKeyId'] = request.userAccessKeyId;
  }
  if (!Util.isUnset(request.userPrincipalName)) {
    query['UserPrincipalName'] = request.userPrincipalName;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'GetAccessKeyLastUsed',
    version = '2019-08-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if (Util.isUnset(@signatureVersion) || !Util.equalString(@signatureVersion, 'v4')) {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Queries the time when an AccessKey pair was used for the last time.
 *
 * @param request GetAccessKeyLastUsedRequest
 * @return GetAccessKeyLastUsedResponse
 */
async function getAccessKeyLastUsed(request: GetAccessKeyLastUsedRequest): GetAccessKeyLastUsedResponse {
  var runtime = new Util.RuntimeOptions{};
  return getAccessKeyLastUsedWithOptions(request, runtime);
}

model GetAccountMFAInfoResponseBody = {
  isMFAEnable?: boolean(name='IsMFAEnable', description='Indicates whether MFA devices are enabled. Valid values:

*   true
*   false', example='false'),
  requestId?: string(name='RequestId', description='The request ID.', example='4BE83135-0B08-467C-B3A2-27B312FD0F57'),
}

model GetAccountMFAInfoResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: GetAccountMFAInfoResponseBody(name='body'),
}

/**
 * @summary Queries information about the multi-factor authentication (MFA) devices of an Alibaba Cloud account.
 *
 * @param request GetAccountMFAInfoRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return GetAccountMFAInfoResponse
 */
async function getAccountMFAInfoWithOptions(runtime: Util.RuntimeOptions): GetAccountMFAInfoResponse {
  var req = new OpenApi.OpenApiRequest{};
  var params = new OpenApi.Params{
    action = 'GetAccountMFAInfo',
    version = '2019-08-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if (Util.isUnset(@signatureVersion) || !Util.equalString(@signatureVersion, 'v4')) {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Queries information about the multi-factor authentication (MFA) devices of an Alibaba Cloud account.
 *
 * @return GetAccountMFAInfoResponse
 */
async function getAccountMFAInfo(): GetAccountMFAInfoResponse {
  var runtime = new Util.RuntimeOptions{};
  return getAccountMFAInfoWithOptions(runtime);
}

model GetAccountSecurityPracticeReportResponseBody = {
  accountSecurityPracticeInfo?: {
    accountSecurityPracticeUserInfo?: {
      bindMfa?: boolean(name='BindMfa', description='Indicates whether multi-factor authentication (MFA) is enabled. Valid values:

*   true
*   false', example='false'),
      oldAkNum?: int32(name='OldAkNum', description='The number of old AccessKey pairs for the Alibaba Cloud account.', example='0'),
      rootWithAccessKey?: int32(name='RootWithAccessKey', description='The number of AccessKey pairs for the Alibaba Cloud account.', example='1'),
      subUser?: int32(name='SubUser', description='The number of RAM users within the Alibaba Cloud account.', example='9'),
      subUserBindMfa?: int32(name='SubUserBindMfa', description='The number of RAM users that have MFA devices bound.', example='0'),
      subUserPwdLevel?: string(name='SubUserPwdLevel', description='The complexity level of the password for the RAM user. Valid values:

*   low
*   mid
*   high', example='low'),
      subUserWithOldAccessKey?: int32(name='SubUserWithOldAccessKey', description='The number of RAM users that use the old AccessKey pairs.', example='0'),
      subUserWithUnusedAccessKey?: int32(name='SubUserWithUnusedAccessKey', description='The number of Resource Access Management (RAM) users that have unused AccessKey pairs.', example='0'),
      unusedAkNum?: int32(name='UnusedAkNum', description='The number of AccessKey pairs that are not used for the Alibaba Cloud account.', example='0'),
    }(name='AccountSecurityPracticeUserInfo', description='The information about the security report for the Alibaba Cloud account.'),
    score?: int32(name='Score', description='The security score of the Alibaba Cloud account.', example='63'),
  }(name='AccountSecurityPracticeInfo', description='The information about the security report for the Alibaba Cloud account.'),
  requestId?: string(name='RequestId', description='The request ID.', example='ABA822EE-85C2-4418-9577-A1831FC8466D'),
}

model GetAccountSecurityPracticeReportResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: GetAccountSecurityPracticeReportResponseBody(name='body'),
}

/**
 * @summary Queries the security report of an Alibaba Cloud account.
 *
 * @param request GetAccountSecurityPracticeReportRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return GetAccountSecurityPracticeReportResponse
 */
async function getAccountSecurityPracticeReportWithOptions(runtime: Util.RuntimeOptions): GetAccountSecurityPracticeReportResponse {
  var req = new OpenApi.OpenApiRequest{};
  var params = new OpenApi.Params{
    action = 'GetAccountSecurityPracticeReport',
    version = '2019-08-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if (Util.isUnset(@signatureVersion) || !Util.equalString(@signatureVersion, 'v4')) {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Queries the security report of an Alibaba Cloud account.
 *
 * @return GetAccountSecurityPracticeReportResponse
 */
async function getAccountSecurityPracticeReport(): GetAccountSecurityPracticeReportResponse {
  var runtime = new Util.RuntimeOptions{};
  return getAccountSecurityPracticeReportWithOptions(runtime);
}

model GetAccountSummaryResponseBody = {
  requestId?: string(name='RequestId', description='The request ID.', example='81313F5E-3C85-478F-BCC9-E1B70E4556DB'),
  summaryMap?: {
    accessKeysPerUserQuota?: int32(name='AccessKeysPerUserQuota', description='The maximum number of AccessKey pairs that a Resource Access Management (RAM) user can have.', example='2'),
    attachedPoliciesPerGroupQuota?: int32(name='AttachedPoliciesPerGroupQuota', description='The maximum number of custom policies that can be added to a RAM user group.', example='5'),
    attachedPoliciesPerRoleQuota?: int32(name='AttachedPoliciesPerRoleQuota', description='The maximum number of custom policies that can be added to a RAM role.', example='5'),
    attachedPoliciesPerUserQuota?: int32(name='AttachedPoliciesPerUserQuota', description='The maximum number of custom policies that can be added to a RAM user.', example='10'),
    attachedSystemPoliciesPerGroupQuota?: int32(name='AttachedSystemPoliciesPerGroupQuota', description='The maximum number of system policies that can be added to a RAM user group.', example='20'),
    attachedSystemPoliciesPerRoleQuota?: int32(name='AttachedSystemPoliciesPerRoleQuota', description='The maximum number of system policies that can be added to a RAM role.', example='20'),
    attachedSystemPoliciesPerUserQuota?: int32(name='AttachedSystemPoliciesPerUserQuota', description='The maximum number of system policies that can be added to a RAM user.', example='20'),
    conditionsPerAKPolicyQuota?: int32(name='ConditionsPerAKPolicyQuota', description='The number of network access control policies that can be configured for an account or AccessKey pair.', example='8'),
    groups?: int32(name='Groups', description='The number of RAM user groups.', example='7'),
    groupsPerUserQuota?: int32(name='GroupsPerUserQuota', description='The maximum number of RAM user groups to which a RAM user can be added.', example='5'),
    groupsQuota?: int32(name='GroupsQuota', description='The maximum number of RAM user groups that can be created.', example='50'),
    IPItemsPerAKPolicyQuota?: int32(name='IPItemsPerAKPolicyQuota', description='The total number of IP addresses that can be configured in a network access control policy of an account or AccessKey pair.', example='50'),
    MFADevices?: int32(name='MFADevices', description='The number of virtual multi-factor authentication (MFA) devices.', example='13'),
    MFADevicesInUse?: int32(name='MFADevicesInUse', description='The number of virtual MFA devices in use.', example='2'),
    policies?: int32(name='Policies', description='The number of custom policies.', example='13'),
    policiesQuota?: int32(name='PoliciesQuota', description='The maximum number of custom policies that can be created.', example='1500'),
    policySizeQuota?: int32(name='PolicySizeQuota', description='The maximum length of the policy content.', example='2048'),
    roles?: int32(name='Roles', description='The number of RAM roles.', example='19'),
    rolesQuota?: int32(name='RolesQuota', description='The maximum number of RAM roles that can be created.', example='1000'),
    users?: int32(name='Users', description='The number of RAM users.', example='9'),
    usersQuota?: int32(name='UsersQuota', description='The maximum number of RAM users that can be created.', example='1000'),
    versionsPerPolicyQuota?: int32(name='VersionsPerPolicyQuota', description='The maximum number of policy versions.', example='5'),
    virtualMFADevicesQuota?: int32(name='VirtualMFADevicesQuota', description='The maximum number of virtual MFA devices that can be created.', example='1000'),
  }(name='SummaryMap', description='The overview information about the Alibaba Cloud account.'),
}

model GetAccountSummaryResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: GetAccountSummaryResponseBody(name='body'),
}

/**
 * @summary Queries the overview information about an Alibaba Cloud account.
 *
 * @param request GetAccountSummaryRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return GetAccountSummaryResponse
 */
async function getAccountSummaryWithOptions(runtime: Util.RuntimeOptions): GetAccountSummaryResponse {
  var req = new OpenApi.OpenApiRequest{};
  var params = new OpenApi.Params{
    action = 'GetAccountSummary',
    version = '2019-08-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if (Util.isUnset(@signatureVersion) || !Util.equalString(@signatureVersion, 'v4')) {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Queries the overview information about an Alibaba Cloud account.
 *
 * @return GetAccountSummaryResponse
 */
async function getAccountSummary(): GetAccountSummaryResponse {
  var runtime = new Util.RuntimeOptions{};
  return getAccountSummaryWithOptions(runtime);
}

model GetAppSecretRequest {
  appId?: string(name='AppId', description='The ID of the application.

This parameter is required.', example='472457090344041****'),
  appSecretId?: string(name='AppSecretId', description='The ID of the application secret.

This parameter is required.', example='2efd5004-005c-4f05-83c6-5b1dd176****'),
}

model GetAppSecretResponseBody = {
  appSecret?: {
    appId?: string(name='AppId', description='The ID of the application.', example='472457090344041****'),
    appSecretId?: string(name='AppSecretId', description='The ID of the application secret.', example='2efd5004-005c-4f05-83c6-5b1dd176****'),
    appSecretValue?: string(name='AppSecretValue', description='The content of the application secret.', example='ai78ZmmxnlUG1jXlBZRDFKos9DIjY4m17Q7dCpMwn1rqXsTGb1X1XmrmveMp****'),
    createDate?: string(name='CreateDate', description='The creation time.', example='2020-10-26T02:52:31Z'),
  }(name='AppSecret', description='The details of the application secret.'),
  requestId?: string(name='RequestId', description='The request ID.', example='EE46FC3C-3BDE-4771-B531-27B7B6EB533D'),
}

model GetAppSecretResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: GetAppSecretResponseBody(name='body'),
}

/**
 * @summary Queries the details of an application secret.
 *
 * @param request GetAppSecretRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return GetAppSecretResponse
 */
async function getAppSecretWithOptions(request: GetAppSecretRequest, runtime: Util.RuntimeOptions): GetAppSecretResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.appId)) {
    query['AppId'] = request.appId;
  }
  if (!Util.isUnset(request.appSecretId)) {
    query['AppSecretId'] = request.appSecretId;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'GetAppSecret',
    version = '2019-08-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if (Util.isUnset(@signatureVersion) || !Util.equalString(@signatureVersion, 'v4')) {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Queries the details of an application secret.
 *
 * @param request GetAppSecretRequest
 * @return GetAppSecretResponse
 */
async function getAppSecret(request: GetAppSecretRequest): GetAppSecretResponse {
  var runtime = new Util.RuntimeOptions{};
  return getAppSecretWithOptions(request, runtime);
}

model GetApplicationRequest {
  appId?: string(name='AppId', description='The ID of the application.

This parameter is required.', example='472457090344041****'),
}

model GetApplicationResponseBody = {
  application?: {
    accessTokenValidity?: int32(name='AccessTokenValidity', description='The validity period of the access token. Unit: seconds.', example='3600'),
    accountId?: string(name='AccountId', description='The ID of the Alibaba Cloud account to which the application belongs.', example='177242285274****'),
    appId?: string(name='AppId', description='The ID of the application.', example='472457090344041****'),
    appName?: string(name='AppName', description='The name of the application.', example='myapp'),
    appType?: string(name='AppType', description='The type of the application. Valid values:

*   WebApp: a web application.
*   NativeApp: a native application that runs on an operating system, such as a desktop or mobile operating system.
*   ServerApp: an application that can access Alibaba Cloud services without the need for user logon. Only applications that synchronize user information based on the System for Cross-domain Identity Management (SCIM) protocol are supported.', example='WebApp'),
    createDate?: string(name='CreateDate', description='The creation time.', example='2020-10-23T08:06:57Z'),
    delegatedScope?: {
      predefinedScopes?: {
        predefinedScope?: [ 
        {
          description?: string(name='Description', description='The description of the permission.', example='Obtain the OpenID of the user. This is the default permission that you cannot remove.'),
          name?: string(name='Name', description='The name of the permission.', example='openid'),
          required?: boolean(name='Required', description='Indicates whether the permission is automatically selected by default when you install the application. Valid values:

*   true
*   false

`openid` is required by default.', example='true'),
        }
      ](name='PredefinedScope')
      }(name='PredefinedScopes', description='The information about the permissions that are granted on the application.'),
    }(name='DelegatedScope', description='The information about the permissions that are granted on the application.'),
    displayName?: string(name='DisplayName', description='The display name of the application.', example='myapp'),
    isMultiTenant?: boolean(name='IsMultiTenant', description='Indicates whether the application can be installed by using other Alibaba Cloud accounts.', example='true'),
    redirectUris?: {
      redirectUri?: [ string ](name='RedirectUri')
    }(name='RedirectUris', description='The callback URL.'),
    refreshTokenValidity?: int32(name='RefreshTokenValidity', description='The validity period of the refresh token. Unit: seconds.', example='7776000'),
    secretRequired?: boolean(name='SecretRequired', description='Indicates whether a secret is required.', example='true'),
    updateDate?: string(name='UpdateDate', description='The update time.', example='2020-10-23T08:06:57Z'),
  }(name='Application', description='The information about the application.'),
  requestId?: string(name='RequestId', description='The ID of the request.', example='6616F09B-2768-4C11-8866-A8EE4C4A583E'),
}

model GetApplicationResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: GetApplicationResponseBody(name='body'),
}

/**
 * @summary Queries the configuration information about an application.
 *
 * @description This topic provides an example on how to query the configurations of an application named `472457090344041****`.
 *
 * @param request GetApplicationRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return GetApplicationResponse
 */
async function getApplicationWithOptions(request: GetApplicationRequest, runtime: Util.RuntimeOptions): GetApplicationResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.appId)) {
    query['AppId'] = request.appId;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'GetApplication',
    version = '2019-08-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if (Util.isUnset(@signatureVersion) || !Util.equalString(@signatureVersion, 'v4')) {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Queries the configuration information about an application.
 *
 * @description This topic provides an example on how to query the configurations of an application named `472457090344041****`.
 *
 * @param request GetApplicationRequest
 * @return GetApplicationResponse
 */
async function getApplication(request: GetApplicationRequest): GetApplicationResponse {
  var runtime = new Util.RuntimeOptions{};
  return getApplicationWithOptions(request, runtime);
}

model GetApplicationProvisionInfoRequest {
  appId?: string(name='AppId', description='The ID of the application.

This parameter is required.', example='452392483381546****'),
}

model GetApplicationProvisionInfoResponseBody = {
  applicationProvisionInfo?: {
    accountId?: string(name='AccountId', description='The ID of the Alibaba Cloud account.', example='177242285274****'),
    appId?: string(name='AppId', description='The ID of the application.', example='452392483381546****'),
    appName?: string(name='AppName', description='The name of the application.', example='GiteePrd'),
    createDate?: string(name='CreateDate', description='The time when the application was installed. The value is a timestamp.', example='1603693518000'),
    delegatedScope?: {
      predefinedScopes?: {
        predefinedScope?: [ 
        {
          description?: string(name='Description', description='The description of the permission scope.', example='Obtains the OpenID of the user. This is the default scope and cannot be deleted.'),
          name?: string(name='Name', description='The name of the permission scope.', example='openid'),
        }
      ](name='PredefinedScope')
      }(name='PredefinedScopes', description='The information about the scopes of permissions that are granted to the application.'),
    }(name='DelegatedScope', description='The information about the scopes of permissions that are granted to the application.'),
    displayName?: string(name='DisplayName', description='The display name of the application.', example='GiteeAliyun'),
    updateDate?: string(name='UpdateDate', description='The update time. The value is a timestamp.', example='1603693518000'),
  }(name='ApplicationProvisionInfo', description='The installation information about the application.'),
  requestId?: string(name='RequestId', description='The request ID.', example='936E1D9C-157D-45BD-8A3B-81C0716EB078'),
}

model GetApplicationProvisionInfoResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: GetApplicationProvisionInfoResponseBody(name='body'),
}

/**
 * @summary Queries installation information about a specified installed application.
 *
 * @param request GetApplicationProvisionInfoRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return GetApplicationProvisionInfoResponse
 */
async function getApplicationProvisionInfoWithOptions(request: GetApplicationProvisionInfoRequest, runtime: Util.RuntimeOptions): GetApplicationProvisionInfoResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.appId)) {
    query['AppId'] = request.appId;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'GetApplicationProvisionInfo',
    version = '2019-08-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if (Util.isUnset(@signatureVersion) || !Util.equalString(@signatureVersion, 'v4')) {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Queries installation information about a specified installed application.
 *
 * @param request GetApplicationProvisionInfoRequest
 * @return GetApplicationProvisionInfoResponse
 */
async function getApplicationProvisionInfo(request: GetApplicationProvisionInfoRequest): GetApplicationProvisionInfoResponse {
  var runtime = new Util.RuntimeOptions{};
  return getApplicationProvisionInfoWithOptions(request, runtime);
}

model GetCredentialReportRequest {
  maxItems?: string(name='MaxItems', description='The number of entries per page. If a response is truncated because it reaches the value of `MaxItems`, the value of `IsTruncated` will be true.

Valid values: 1 to 3501. Default value: 3501.', example='1000'),
  nextToken?: string(name='NextToken', description='The token that is used to initiate the next request if the response of the current request is truncated. You can use the token to initiate another request and obtain the remaining records.``', example='EXAMPLE'),
}

model GetCredentialReportResponseBody = {
  content?: string(name='Content', description='The content of the user credential report.

The report is Base64-encoded. After you decode the report, the credential report is in the CSV format.', example='OVZWK4RMOVZW****'),
  generatedTime?: string(name='GeneratedTime', description='The time when the user credential report was generated.', example='2020-10-19T15:06:52Z'),
  isTruncated?: string(name='IsTruncated', description='Indicates whether the response is truncated. Valid values:

*   true
*   false', example='true'),
  nextToken?: string(name='NextToken', description='The parameter that is used to obtain the truncated part. This parameter takes effect only when `IsTruncated` is set to true.', example='EXAMPLE'),
  requestId?: string(name='RequestId', description='The request ID.', example='7A01826E-7601-44B0-B4DF-2B0C509836DE'),
}

model GetCredentialReportResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: GetCredentialReportResponseBody(name='body'),
}

/**
 * @summary Queries the user credential reports of an Alibaba Cloud account.
 *
 * @param request GetCredentialReportRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return GetCredentialReportResponse
 */
async function getCredentialReportWithOptions(request: GetCredentialReportRequest, runtime: Util.RuntimeOptions): GetCredentialReportResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.maxItems)) {
    query['MaxItems'] = request.maxItems;
  }
  if (!Util.isUnset(request.nextToken)) {
    query['NextToken'] = request.nextToken;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'GetCredentialReport',
    version = '2019-08-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if (Util.isUnset(@signatureVersion) || !Util.equalString(@signatureVersion, 'v4')) {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Queries the user credential reports of an Alibaba Cloud account.
 *
 * @param request GetCredentialReportRequest
 * @return GetCredentialReportResponse
 */
async function getCredentialReport(request: GetCredentialReportRequest): GetCredentialReportResponse {
  var runtime = new Util.RuntimeOptions{};
  return getCredentialReportWithOptions(request, runtime);
}

model GetDefaultDomainResponseBody = {
  defaultDomainName?: string(name='DefaultDomainName', description='The default domain name.', example='examplecompany.onaliyun.com'),
  requestId?: string(name='RequestId', description='The request ID.', example='66815255-7CCE-4759-AC37-9755794C3626'),
}

model GetDefaultDomainResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: GetDefaultDomainResponseBody(name='body'),
}

/**
 * @summary Queries the default domain name of an Alibaba Cloud account.
 *
 * @param request GetDefaultDomainRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return GetDefaultDomainResponse
 */
async function getDefaultDomainWithOptions(runtime: Util.RuntimeOptions): GetDefaultDomainResponse {
  var req = new OpenApi.OpenApiRequest{};
  var params = new OpenApi.Params{
    action = 'GetDefaultDomain',
    version = '2019-08-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if (Util.isUnset(@signatureVersion) || !Util.equalString(@signatureVersion, 'v4')) {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Queries the default domain name of an Alibaba Cloud account.
 *
 * @return GetDefaultDomainResponse
 */
async function getDefaultDomain(): GetDefaultDomainResponse {
  var runtime = new Util.RuntimeOptions{};
  return getDefaultDomainWithOptions(runtime);
}

model GetExternalApplicationRequest {
  appId?: string(name='AppId', description='The ID of the application.

This parameter is required.', example='472457090344041****'),
}

model GetExternalApplicationResponseBody = {
  externalApplication?: {
    appPrincipalName?: string(name='AppPrincipalName', description='The name of the application principal. The value is in the `<app_name>@app.<account_id>.onaliyun.com` format.', example='GiteePrd@app.153082740420****.onaliyun.com'),
    createDate?: string(name='CreateDate', description='The time when the application was installed. The value is a timestamp.', example='1737534146000'),
    delegatedScope?: {
      predefinedScopes?: {
        predefinedScope?: [ 
        {
          description?: string(name='Description', description='The description of the permission.', example='Obtains the OpenID of the user. This is the default scope and cannot be deleted.'),
          name?: string(name='Name', description='The name of the permission.', example='openid'),
        }
      ](name='PredefinedScope')
      }(name='PredefinedScopes', description='The information about the permissions that are granted on the application.'),
    }(name='DelegatedScope', description='The information about the permissions that are granted on the application.'),
    displayName?: string(name='DisplayName', description='The display name of the application.', example='GiteeAliyun'),
    foreignAppId?: string(name='ForeignAppId', description='The ID of the application.', example='407426893752729****'),
    tenantId?: string(name='TenantId', description='The ID of the Alibaba Cloud account for which the application is installed.', example='173082740420****'),
    updateDate?: string(name='UpdateDate', description='The update time of the application. The value is a timestamp.', example='1737534146000'),
  }(name='ExternalApplication', description='The information about the external application.'),
  requestId?: string(name='RequestId', description='The request ID.', example='E4C4D1BD-2558-5BD1-8C36-A5D7FB174A55'),
}

model GetExternalApplicationResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: GetExternalApplicationResponseBody(name='body'),
}

/**
 * @summary Queries information about an installed external application.
 *
 * @param request GetExternalApplicationRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return GetExternalApplicationResponse
 */
async function getExternalApplicationWithOptions(request: GetExternalApplicationRequest, runtime: Util.RuntimeOptions): GetExternalApplicationResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.appId)) {
    query['AppId'] = request.appId;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'GetExternalApplication',
    version = '2019-08-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if (Util.isUnset(@signatureVersion) || !Util.equalString(@signatureVersion, 'v4')) {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Queries information about an installed external application.
 *
 * @param request GetExternalApplicationRequest
 * @return GetExternalApplicationResponse
 */
async function getExternalApplication(request: GetExternalApplicationRequest): GetExternalApplicationResponse {
  var runtime = new Util.RuntimeOptions{};
  return getExternalApplicationWithOptions(request, runtime);
}

model GetGovernanceItemReportRequest {
  governanceItemType?: string(name='GovernanceItemType', example='SSOLoginEnabled'),
  marker?: string(name='Marker', example='EXAMPLE'),
  maxItems?: string(name='MaxItems', example='1000'),
}

model GetGovernanceItemReportResponseBody = {
  columnsSchema?: {
    columnSchema?: [ 
    {
      columnName?: string(name='ColumnName', example='UserPrincipalName'),
      columnType?: string(name='ColumnType', example='String'),
    }
  ](name='ColumnSchema')
  }(name='ColumnsSchema'),
  columnsValue?: {
    columnRow?: [{
    columnValue?: [ any ](name='ColumnValue')
  }  ](name='ColumnRow')
  }(name='ColumnsValue'),
  generateTime?: string(name='GenerateTime', example='2020-10-19T15:06:52Z'),
  isTruncated?: boolean(name='IsTruncated', example='true'),
  marker?: string(name='Marker', example='EXAMPLE'),
  metricType?: string(name='MetricType', example='Number'),
  metricValue?: any(name='MetricValue', example='100'),
  requestId?: string(name='RequestId', example='F2CE9688-AA85-5F23-8C22-0EC23473405F'),
}

model GetGovernanceItemReportResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: GetGovernanceItemReportResponseBody(name='body'),
}

/**
 * @summary 查询用户的单项ram治理报告
 *
 * @param request GetGovernanceItemReportRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return GetGovernanceItemReportResponse
 */
async function getGovernanceItemReportWithOptions(request: GetGovernanceItemReportRequest, runtime: Util.RuntimeOptions): GetGovernanceItemReportResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.governanceItemType)) {
    query['GovernanceItemType'] = request.governanceItemType;
  }
  if (!Util.isUnset(request.marker)) {
    query['Marker'] = request.marker;
  }
  if (!Util.isUnset(request.maxItems)) {
    query['MaxItems'] = request.maxItems;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'GetGovernanceItemReport',
    version = '2019-08-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if (Util.isUnset(@signatureVersion) || !Util.equalString(@signatureVersion, 'v4')) {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary 查询用户的单项ram治理报告
 *
 * @param request GetGovernanceItemReportRequest
 * @return GetGovernanceItemReportResponse
 */
async function getGovernanceItemReport(request: GetGovernanceItemReportRequest): GetGovernanceItemReportResponse {
  var runtime = new Util.RuntimeOptions{};
  return getGovernanceItemReportWithOptions(request, runtime);
}

model GetGovernanceReportStatusResponseBody = {
  governanceItemsStatus?: {
    governanceItemStatus?: [ 
    {
      governanceItem?: string(name='GovernanceItem', example='AccountRecentUsingAccessKey'),
      status?: string(name='Status', example='Progressing'),
    }
  ](name='GovernanceItemStatus')
  }(name='GovernanceItemsStatus'),
  requestId?: string(name='RequestId', example='F2CE9688-AA85-5F23-8C22-0EC23473405A'),
  wholeReportStatus?: string(name='WholeReportStatus', example='Progressing'),
}

model GetGovernanceReportStatusResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: GetGovernanceReportStatusResponseBody(name='body'),
}

/**
 * @summary 查询成熟度报告状态
 *
 * @param request GetGovernanceReportStatusRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return GetGovernanceReportStatusResponse
 */
async function getGovernanceReportStatusWithOptions(runtime: Util.RuntimeOptions): GetGovernanceReportStatusResponse {
  var req = new OpenApi.OpenApiRequest{};
  var params = new OpenApi.Params{
    action = 'GetGovernanceReportStatus',
    version = '2019-08-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if (Util.isUnset(@signatureVersion) || !Util.equalString(@signatureVersion, 'v4')) {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary 查询成熟度报告状态
 *
 * @return GetGovernanceReportStatusResponse
 */
async function getGovernanceReportStatus(): GetGovernanceReportStatusResponse {
  var runtime = new Util.RuntimeOptions{};
  return getGovernanceReportStatusWithOptions(runtime);
}

model GetGroupRequest {
  groupName?: string(name='GroupName', description='The name of the RAM user group.', example='Dev-Team'),
}

model GetGroupResponseBody = {
  group?: {
    comments?: string(name='Comments', description='The description.', example='Dev-Team'),
    createDate?: string(name='CreateDate', description='The creation time.', example='2020-10-19T16:15:17Z'),
    displayName?: string(name='DisplayName', description='The display name of the RAM user group.', example='Dev-Team'),
    groupId?: string(name='GroupId', description='The ID of the RAM user group.', example='740317625433843****'),
    groupName?: string(name='GroupName', description='The name of the RAM user group.', example='Dev-Team'),
    updateDate?: string(name='UpdateDate', description='The update time.', example='2020-10-19T16:15:17Z'),
  }(name='Group', description='The information about the RAM user group.'),
  requestId?: string(name='RequestId', description='The request ID.', example='86ECEC3C-7262-4C3C-94B4-A98F7CC1F060'),
}

model GetGroupResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: GetGroupResponseBody(name='body'),
}

/**
 * @summary Queries the information about a Resource Access Management (RAM) user group.
 *
 * @param request GetGroupRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return GetGroupResponse
 */
async function getGroupWithOptions(request: GetGroupRequest, runtime: Util.RuntimeOptions): GetGroupResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.groupName)) {
    query['GroupName'] = request.groupName;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'GetGroup',
    version = '2019-08-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if (Util.isUnset(@signatureVersion) || !Util.equalString(@signatureVersion, 'v4')) {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Queries the information about a Resource Access Management (RAM) user group.
 *
 * @param request GetGroupRequest
 * @return GetGroupResponse
 */
async function getGroup(request: GetGroupRequest): GetGroupResponse {
  var runtime = new Util.RuntimeOptions{};
  return getGroupWithOptions(request, runtime);
}

model GetLoginProfileRequest {
  userPrincipalName?: string(name='UserPrincipalName', description='The logon name of the RAM user.

This parameter is required.', example='test@example.onaliyun.com'),
}

model GetLoginProfileResponseBody = {
  loginProfile?: {
    autoDisableLoginStatus?: string(name='AutoDisableLoginStatus', description='Indicates whether console logon is automatically disabled if a RAM user does not log on to the console in the previous specified number of days. The number of days is specified by MaxIdleDaysForUsers. The default value is true, and you cannot change the value.', example='true'),
    lastLoginTime?: string(name='LastLoginTime', description='The time of the most recent logon. The time is displayed in UTC.', example='2020-10-14T07:25:25Z'),
    MFABindRequired?: boolean(name='MFABindRequired', description='Indicates whether multi-factor authentication (MFA) must be enabled. Valid values:

*   false
*   true', example='false'),
    passwordResetRequired?: boolean(name='PasswordResetRequired', description='Indicates whether the RAM user is required to reset the password upon the next logon. Valid values:

*   false
*   true', example='false'),
    status?: string(name='Status', description='Indicates whether console logon is enabled. Valid values:

*   Active: enabled.
*   Inactive: disabled.', example='Active'),
    updateDate?: string(name='UpdateDate', description='The modification time. The time is displayed in UTC.', example='2020-10-14T06:56:45Z'),
    userPrincipalName?: string(name='UserPrincipalName', description='The logon name of the RAM user.', example='test@example.onaliyun.com'),
  }(name='LoginProfile', description='The console logon configurations.'),
  requestId?: string(name='RequestId', description='The request ID.', example='E517F18B-632C-48FC-93F1-CDCBCC6F8444'),
}

model GetLoginProfileResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: GetLoginProfileResponseBody(name='body'),
}

/**
 * @summary Queries the logon configurations of a Resource Access Management (RAM) user.
 *
 * @param request GetLoginProfileRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return GetLoginProfileResponse
 */
async function getLoginProfileWithOptions(request: GetLoginProfileRequest, runtime: Util.RuntimeOptions): GetLoginProfileResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.userPrincipalName)) {
    query['UserPrincipalName'] = request.userPrincipalName;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'GetLoginProfile',
    version = '2019-08-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if (Util.isUnset(@signatureVersion) || !Util.equalString(@signatureVersion, 'v4')) {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Queries the logon configurations of a Resource Access Management (RAM) user.
 *
 * @param request GetLoginProfileRequest
 * @return GetLoginProfileResponse
 */
async function getLoginProfile(request: GetLoginProfileRequest): GetLoginProfileResponse {
  var runtime = new Util.RuntimeOptions{};
  return getLoginProfileWithOptions(request, runtime);
}

model GetOIDCProviderRequest {
  OIDCProviderName?: string(name='OIDCProviderName', description='The name of the OIDC IdP.', example='TestOIDCProvider'),
}

model GetOIDCProviderResponseBody = {
  OIDCProvider?: {
    arn?: string(name='Arn', description='The Alibaba Cloud Resource Name (ARN) of the OIDC IdP.', example='acs:ram::177242285274****:oidc-provider/TestOIDCProvider'),
    clientIds?: string(name='ClientIds', description='The ID of the client. If multiple client IDs are returned, the client IDs are separated by commas (,).', example='498469743454717****'),
    createDate?: string(name='CreateDate', description='The time when the OIDC IdP was created. The time is displayed in UTC.', example='2021-11-11T06:56:03Z'),
    description?: string(name='Description', description='The description of the OIDC IdP.', example='This is a new OIDC Provider.'),
    fingerprints?: string(name='Fingerprints', description='The fingerprint of the HTTPS certificate. If multiple fingerprints are returned, the fingerprints are separated by commas (,).', example='902ef2deeb3c5b13ea4c3d5193629309e231****'),
    gmtCreate?: string(name='GmtCreate', description='The timestamp when the OIDC IdP was created.', example='1636613763000'),
    gmtModified?: string(name='GmtModified', description='The timestamp when the OIDC IdP was modified.', example='1636706309000'),
    issuanceLimitTime?: long(name='IssuanceLimitTime', description='The earliest time when an external IdP can issue an ID token. If the value of the iat field in the ID token is later than the current time, the request is rejected. Unit: hours. Valid values: 1 to 168.', example='12'),
    issuerUrl?: string(name='IssuerUrl', description='The URL of the issuer.', example='https://dev-xxxxxx.okta.com'),
    OIDCProviderName?: string(name='OIDCProviderName', description='The name of the OIDC IdP.', example='TestOIDCProvider'),
    updateDate?: string(name='UpdateDate', description='The time when the OIDC IdP was modified. The time is displayed in UTC.', example='2021-11-12T08:38:29Z'),
  }(name='OIDCProvider', description='The information about the OIDC IdP.'),
  requestId?: string(name='RequestId', description='The request ID.', example='E5E1A300-279D-5FBD-A8CF-F4EDC20C4896'),
}

model GetOIDCProviderResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: GetOIDCProviderResponseBody(name='body'),
}

/**
 * @summary Queries the information about an OIDC IdP.
 *
 * @description ###
 * This topic provides an example on how to query the information about an OpenID Connect (OIDC) identity provider (IdP) named `TestOIDCProvider`.
 *
 * @param request GetOIDCProviderRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return GetOIDCProviderResponse
 */
async function getOIDCProviderWithOptions(request: GetOIDCProviderRequest, runtime: Util.RuntimeOptions): GetOIDCProviderResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.OIDCProviderName)) {
    query['OIDCProviderName'] = request.OIDCProviderName;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'GetOIDCProvider',
    version = '2019-08-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if (Util.isUnset(@signatureVersion) || !Util.equalString(@signatureVersion, 'v4')) {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Queries the information about an OIDC IdP.
 *
 * @description ###
 * This topic provides an example on how to query the information about an OpenID Connect (OIDC) identity provider (IdP) named `TestOIDCProvider`.
 *
 * @param request GetOIDCProviderRequest
 * @return GetOIDCProviderResponse
 */
async function getOIDCProvider(request: GetOIDCProviderRequest): GetOIDCProviderResponse {
  var runtime = new Util.RuntimeOptions{};
  return getOIDCProviderWithOptions(request, runtime);
}

model GetPasswordPolicyResponseBody = {
  passwordPolicy?: {
    hardExpire?: boolean(name='HardExpire', description='Indicates whether to disable logon after the password expires.', example='false'),
    maxLoginAttemps?: int32(name='MaxLoginAttemps', description='The maximum number of password retries.', example='0'),
    maxPasswordAge?: int32(name='MaxPasswordAge', description='The validity period of the password.', example='0'),
    minimumPasswordDifferentCharacter?: int32(name='MinimumPasswordDifferentCharacter', description='The minimum number of unique characters in the password.', example='0'),
    minimumPasswordLength?: int32(name='MinimumPasswordLength', description='The minimum required number of characters in a password.', example='8'),
    passwordNotContainUserName?: boolean(name='PasswordNotContainUserName', description='Indicates whether to exclude the username from the password.', example='false'),
    passwordReusePrevention?: int32(name='PasswordReusePrevention', description='The policy for password history check.', example='0'),
    requireLowercaseCharacters?: boolean(name='RequireLowercaseCharacters', description='Indicates whether the password must contain lowercase letters.', example='false'),
    requireNumbers?: boolean(name='RequireNumbers', description='Indicates whether the password must contain digits.', example='false'),
    requireSymbols?: boolean(name='RequireSymbols', description='Indicates whether the password must contain special characters.', example='false'),
    requireUppercaseCharacters?: boolean(name='RequireUppercaseCharacters', description='Indicates whether the password must contain uppercase letters.', example='false'),
  }(name='PasswordPolicy', description='The details of the password policy.'),
  requestId?: string(name='RequestId', description='The request ID.', example='BDAA8408-E67C-428B-BFF0-1B2AC05C9610'),
}

model GetPasswordPolicyResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: GetPasswordPolicyResponseBody(name='body'),
}

/**
 * @summary Queries the details of the password policy for RAM users.
 *
 * @param request GetPasswordPolicyRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return GetPasswordPolicyResponse
 */
async function getPasswordPolicyWithOptions(runtime: Util.RuntimeOptions): GetPasswordPolicyResponse {
  var req = new OpenApi.OpenApiRequest{};
  var params = new OpenApi.Params{
    action = 'GetPasswordPolicy',
    version = '2019-08-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if (Util.isUnset(@signatureVersion) || !Util.equalString(@signatureVersion, 'v4')) {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Queries the details of the password policy for RAM users.
 *
 * @return GetPasswordPolicyResponse
 */
async function getPasswordPolicy(): GetPasswordPolicyResponse {
  var runtime = new Util.RuntimeOptions{};
  return getPasswordPolicyWithOptions(runtime);
}

model GetSAMLProviderRequest {
  SAMLProviderName?: string(name='SAMLProviderName', description='The name of the IdP.

This parameter is required.', example='test-provider'),
}

model GetSAMLProviderResponseBody = {
  requestId?: string(name='RequestId', description='The request ID.', example='BAADB995-0C7A-476D-B293-7E94568EEDFB'),
  SAMLProvider?: {
    arn?: string(name='Arn', description='The Alibaba Cloud Resource Name (ARN) of the IdP.', example='acs:ram::177242285274****:saml-provider/test-provider'),
    createDate?: string(name='CreateDate', description='The creation time.', example='2020-10-22T02:37:05Z'),
    description?: string(name='Description', description='The description.', example='This is a provider.'),
    encodedSAMLMetadataDocument?: string(name='EncodedSAMLMetadataDocument', description='The metadata file, which is Base64 encoded.', example='PD94bWwgdmVy****'),
    SAMLProviderName?: string(name='SAMLProviderName', description='The name of the IdP.', example='test-provider'),
    updateDate?: string(name='UpdateDate', description='The update time.', example='2020-10-22T02:51:20Z'),
  }(name='SAMLProvider', description='The information about the IdP.'),
}

model GetSAMLProviderResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: GetSAMLProviderResponseBody(name='body'),
}

/**
 * @summary Queries the information about an identity provider (IdP) for role-based single sign-on (SSO).
 *
 * @param request GetSAMLProviderRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return GetSAMLProviderResponse
 */
async function getSAMLProviderWithOptions(request: GetSAMLProviderRequest, runtime: Util.RuntimeOptions): GetSAMLProviderResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.SAMLProviderName)) {
    query['SAMLProviderName'] = request.SAMLProviderName;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'GetSAMLProvider',
    version = '2019-08-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if (Util.isUnset(@signatureVersion) || !Util.equalString(@signatureVersion, 'v4')) {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Queries the information about an identity provider (IdP) for role-based single sign-on (SSO).
 *
 * @param request GetSAMLProviderRequest
 * @return GetSAMLProviderResponse
 */
async function getSAMLProvider(request: GetSAMLProviderRequest): GetSAMLProviderResponse {
  var runtime = new Util.RuntimeOptions{};
  return getSAMLProviderWithOptions(request, runtime);
}

model GetSecurityPreferenceResponseBody = {
  requestId?: string(name='RequestId', description='The request ID.', example='30C9068D-FBAA-4998-9986-8A562FED0BC3'),
  securityPreference?: {
    accessKeyPreference?: {
      allowUserToManageAccessKeys?: boolean(name='AllowUserToManageAccessKeys', description='Indicates whether RAM users can manage their AccessKey pairs. Valid values:

*   true
*   false', example='false'),
    }(name='AccessKeyPreference', description='The AccessKey pair preference.'),
    loginProfilePreference?: {
      allowUserToChangePassword?: boolean(name='AllowUserToChangePassword', description='Indicates whether RAM users can change their passwords. Valid values:

*   true
*   false', example='true'),
      allowUserToLoginWithPasskey?: boolean(name='AllowUserToLoginWithPasskey', description='Indicates whether a RAM user can use a passkey for logon. Valid values:

*   true
*   false', example='true'),
      enableSaveMFATicket?: boolean(name='EnableSaveMFATicket', description='Indicates whether RAM users can remember the multi-factor authentication (MFA) devices for seven days. Valid values:

*   true
*   false', example='false'),
      loginNetworkMasks?: string(name='LoginNetworkMasks', description='The subnet mask.', example='10.0.0.0/8'),
      loginSessionDuration?: int32(name='LoginSessionDuration', description='The validity period of the logon session of RAM users. Unit: hours.', example='6'),
      MFAOperationForLogin?: string(name='MFAOperationForLogin', description='Indicates whether MFA is required for all RAM users when they log on to the Alibaba Cloud Management Console. Valid values:

*   mandatory: MFA is required for all RAM users. If you use EnforceMFAForLogin, set the value to true.
*   independent (default): User-specific settings are applied. If you use EnforceMFAForLogin, set the value to false.
*   adaptive: MFA is required only for RAM users who initiated unusual logons.', example='adaptive'),
      operationForRiskLogin?: string(name='OperationForRiskLogin', description='Indicates whether to enable MFA for RAM users who initiated unusual logons. Valid values:

*   autonomous (default): yes. MFA is prompted for RAM users who initiated unusual logons. However, the RAM users are allowed to skip MFA.
*   enforceVerify: MFA is prompted for RAM users who initiated unusual logons and the RAM users cannot skip MFA.', example='autonomous'),
    }(name='LoginProfilePreference', description='The logon preference.'),
    MFAPreference?: {
      allowUserToManageMFADevices?: boolean(name='AllowUserToManageMFADevices', description='Indicates whether RAM users can manage their MFA devices. Valid values:

*   true
*   false', example='false'),
    }(name='MFAPreference', description='The MFA preference.'),
    maxIdleDays?: {
      maxIdleDaysForAccessKeys?: int32(name='MaxIdleDaysForAccessKeys', description='The maximum number of days that the AccessKey pair of a RAM user can stay unused. If an AccessKey pair is not used in the previous specified number of days, the AccessKey pair is automatically disabled on the next day. The default value is 730. You cannot change the value.', example='730'),
      maxIdleDaysForUsers?: int32(name='MaxIdleDaysForUsers', description='The maximum number of days that a RAM user can stay idle. If a RAM user for whom console logon is enabled does not log on to the console in the previous specified number of days, console logon is automatically disabled for the RAM user on the next day. Single sign-on (SSO) is not involved. The default value is 730. You cannot change the value.', example='730'),
    }(name='MaxIdleDays', description='The maximum idle periods. Unit: days.'),
    personalInfoPreference?: {
      allowUserToManagePersonalDingTalk?: boolean(name='AllowUserToManagePersonalDingTalk', description='Indicates whether RAM users can manage their personal DingTalk accounts, such as binding and unbinding of the accounts. Valid values:

*   true
*   false', example='true'),
    }(name='PersonalInfoPreference', description='The personal information preference.'),
    verificationPreference?: {
      verificationTypes?: [ string ](name='VerificationTypes', description='The MFA methods.'),
    }(name='VerificationPreference', description='The MFA method preference.'),
  }(name='SecurityPreference', description='The details of security preferences.'),
}

model GetSecurityPreferenceResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: GetSecurityPreferenceResponseBody(name='body'),
}

/**
 * @summary Queries the security preferences for RAM users.
 *
 * @param request GetSecurityPreferenceRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return GetSecurityPreferenceResponse
 */
async function getSecurityPreferenceWithOptions(runtime: Util.RuntimeOptions): GetSecurityPreferenceResponse {
  var req = new OpenApi.OpenApiRequest{};
  var params = new OpenApi.Params{
    action = 'GetSecurityPreference',
    version = '2019-08-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if (Util.isUnset(@signatureVersion) || !Util.equalString(@signatureVersion, 'v4')) {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Queries the security preferences for RAM users.
 *
 * @return GetSecurityPreferenceResponse
 */
async function getSecurityPreference(): GetSecurityPreferenceResponse {
  var runtime = new Util.RuntimeOptions{};
  return getSecurityPreferenceWithOptions(runtime);
}

model GetUserRequest {
  userAccessKeyId?: string(name='UserAccessKeyId', description='The AccessKey ID of the RAM user.

> You must specify only one of the following parameters: `UserPrincipalName`, `UserId`, and `UserAccessKeyId`.', example='LTAI4GFTgcR8m8cZQDTH****'),
  userId?: string(name='UserId', description='The ID of the RAM user.

> You must specify only one of the following parameters: `UserPrincipalName`, `UserId`, and `UserAccessKeyId`.', example='20732900249392****'),
  userPrincipalName?: string(name='UserPrincipalName', description='The logon name of the RAM user.

The name is in the format of `<username>@<AccountAlias>.onaliyun.com`. `<username>` indicates the name of the RAM user. `<AccountAlias>.onaliyun.com` indicates the default domain name.

The value of `UserPrincipalName` must be `1 to 128` characters in length and can contain letters, digits, periods (.), hyphens (-), and underscores (_). The value of `<username>` must be `1 to 64` characters in length.

> You must specify only one of the following parameters: `UserPrincipalName`, `UserId`, and `UserAccessKeyId`.', example='test@example.onaliyun.com'),
}

model GetUserResponseBody = {
  requestId?: string(name='RequestId', description='The request ID.', example='4507D1CD-526A-4E2B-A1E2-3AB045D1EE0B'),
  user?: {
    comments?: string(name='Comments', description='The description.', example='This is a cloud computing engineer.'),
    createDate?: string(name='CreateDate', description='The time when the RAM user was created.', example='2020-10-12T09:12:00Z'),
    displayName?: string(name='DisplayName', description='The display name of the RAM user.', example='test'),
    email?: string(name='Email', description='The email address of the RAM user.

> This parameter is valid only on the China site (aliyun.com).', example='alice@example.com'),
    lastLoginDate?: string(name='LastLoginDate', description='The last time when the RAM user logged on to the Alibaba Cloud Management Console.', example='2020-10-12T09:12:00Z'),
    mobilePhone?: string(name='MobilePhone', description='The mobile phone number of the RAM user.

> This parameter is valid only on the China site (aliyun.com).', example='86-1868888****'),
    provisionType?: string(name='ProvisionType', description='The source of the RAM user. Valid value:

*   Manual: The RAM user is manually created in the RAM console.
*   SCIM: The RAM user is mapped by using System for Cross-domain Identity Management (SCIM).
*   CloudSSO: The RAM user is mapped from a CloudSSO user.', example='CloudSSO'),
    tags?: {
      tag?: [ 
      {
        tagKey?: string(name='TagKey', description='The tag key.', example='operator'),
        tagValue?: string(name='TagValue', description='The tag value.', example='alice'),
      }
    ](name='Tag')
    }(name='Tags', description='The tags.'),
    updateDate?: string(name='UpdateDate', description='The time when the information about the RAM user was updated.', example='2020-10-13T07:39:22Z'),
    userId?: string(name='UserId', description='The ID of the RAM user.', example='20732900249392****'),
    userName?: string(name='UserName'),
    userPrincipalName?: string(name='UserPrincipalName', description='The logon name of the RAM user.', example='test@example.onaliyun.com'),
  }(name='User', description='The information about the RAM user.'),
}

model GetUserResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: GetUserResponseBody(name='body'),
}

/**
 * @summary Queries the information about a RAM user.
 *
 * @description This topic provides an example to show how to query the information about a RAM user named `test@example.onaliyun.com`.
 *
 * @param request GetUserRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return GetUserResponse
 */
async function getUserWithOptions(request: GetUserRequest, runtime: Util.RuntimeOptions): GetUserResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.userAccessKeyId)) {
    query['UserAccessKeyId'] = request.userAccessKeyId;
  }
  if (!Util.isUnset(request.userId)) {
    query['UserId'] = request.userId;
  }
  if (!Util.isUnset(request.userPrincipalName)) {
    query['UserPrincipalName'] = request.userPrincipalName;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'GetUser',
    version = '2019-08-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if (Util.isUnset(@signatureVersion) || !Util.equalString(@signatureVersion, 'v4')) {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Queries the information about a RAM user.
 *
 * @description This topic provides an example to show how to query the information about a RAM user named `test@example.onaliyun.com`.
 *
 * @param request GetUserRequest
 * @return GetUserResponse
 */
async function getUser(request: GetUserRequest): GetUserResponse {
  var runtime = new Util.RuntimeOptions{};
  return getUserWithOptions(request, runtime);
}

model GetUserInRecycleBinRequest {
  userAccessKeyId?: string(name='UserAccessKeyId', description='The AccessKey ID of the RAM user.

>  You must specify only one of the following parameters: `UserId` and `UserAccessKeyId`.', example='LTAI4GFTgcR8m8cZQDTH****'),
  userId?: string(name='UserId', description='The ID of the RAM user.

>  You must specify only one of the following parameters: `UserId` and `UserAccessKeyId`.', example='20732900249392****'),
}

model GetUserInRecycleBinResponseBody = {
  requestId?: string(name='RequestId', description='The request ID.', example='4507D1CD-526A-4E2B-A1E2-3AB045D1EE0B'),
  user?: {
    createDate?: string(name='CreateDate', description='The time when the RAM user was created.', example='2020-10-11T09:12:00Z'),
    deleteDate?: string(name='DeleteDate', description='The time when the RAM user will be permanently deleted from the recycle bin.', example='2020-11-12T09:12:00Z'),
    displayName?: string(name='DisplayName', description='The display name of the RAM user.', example='test'),
    recycleDate?: string(name='RecycleDate', description='The time when the RAM user was deleted and moved to the recycle bin.', example='2020-10-12T09:12:00Z'),
    userId?: string(name='UserId', description='The ID of the RAM user.', example='20732900249392****'),
    userPrincipalName?: string(name='UserPrincipalName', description='The logon name of the RAM user.', example='test@example.onaliyun.com'),
  }(name='User', description='The information about the RAM user.'),
}

model GetUserInRecycleBinResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: GetUserInRecycleBinResponseBody(name='body'),
}

/**
 * @summary Queries information about a specific Resource Access Management (RAM) user in the recycle bin.
 *
 * @param request GetUserInRecycleBinRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return GetUserInRecycleBinResponse
 */
async function getUserInRecycleBinWithOptions(request: GetUserInRecycleBinRequest, runtime: Util.RuntimeOptions): GetUserInRecycleBinResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.userAccessKeyId)) {
    query['UserAccessKeyId'] = request.userAccessKeyId;
  }
  if (!Util.isUnset(request.userId)) {
    query['UserId'] = request.userId;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'GetUserInRecycleBin',
    version = '2019-08-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if (Util.isUnset(@signatureVersion) || !Util.equalString(@signatureVersion, 'v4')) {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Queries information about a specific Resource Access Management (RAM) user in the recycle bin.
 *
 * @param request GetUserInRecycleBinRequest
 * @return GetUserInRecycleBinResponse
 */
async function getUserInRecycleBin(request: GetUserInRecycleBinRequest): GetUserInRecycleBinResponse {
  var runtime = new Util.RuntimeOptions{};
  return getUserInRecycleBinWithOptions(request, runtime);
}

model GetUserMFAInfoRequest {
  userPrincipalName?: string(name='UserPrincipalName', description='The logon name of the RAM user. This parameter is differently set in the following scenarios:

*   If you use a RAM user to call this operation, this parameter can be left empty. If you do not specify this parameter, information about the MFA device that is bound to the RAM user is queried.
*   If you use an Alibaba Cloud account to call this operation, you must set this parameter to the logon name of the RAM user that you want to query.', example='test@example.onaliyun.com'),
}

model GetUserMFAInfoResponseBody = {
  isMFAEnable?: boolean(name='IsMFAEnable', description='Indicates whether the MFA device is enabled. Valid values:

*   true
*   false', example='true'),
  MFADevice?: {
    serialNumber?: string(name='SerialNumber', description='The serial number of the MFA device.', example='acs:ram::177242285274****:mfa/device001'),
    type?: string(name='Type', description='The type of the MFA device. Valid values:

*   VMFA: virtual MFA device.
*   U2F: Universal 2nd Factor (U2F) security key.', example='VMFA'),
  }(name='MFADevice', description='The information about the MFA device.'),
  requestId?: string(name='RequestId', description='The request ID.', example='FCF7322A-20A9-4F68-8B7F-F86958839BC0'),
}

model GetUserMFAInfoResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: GetUserMFAInfoResponseBody(name='body'),
}

/**
 * @summary Queries information about the multi-factor authentication (MFA) device that is bound to a Resource Access Management (RAM) user.
 *
 * @param request GetUserMFAInfoRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return GetUserMFAInfoResponse
 */
async function getUserMFAInfoWithOptions(request: GetUserMFAInfoRequest, runtime: Util.RuntimeOptions): GetUserMFAInfoResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.userPrincipalName)) {
    query['UserPrincipalName'] = request.userPrincipalName;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'GetUserMFAInfo',
    version = '2019-08-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if (Util.isUnset(@signatureVersion) || !Util.equalString(@signatureVersion, 'v4')) {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Queries information about the multi-factor authentication (MFA) device that is bound to a Resource Access Management (RAM) user.
 *
 * @param request GetUserMFAInfoRequest
 * @return GetUserMFAInfoResponse
 */
async function getUserMFAInfo(request: GetUserMFAInfoRequest): GetUserMFAInfoResponse {
  var runtime = new Util.RuntimeOptions{};
  return getUserMFAInfoWithOptions(request, runtime);
}

model GetUserSsoSettingsResponseBody = {
  requestId?: string(name='RequestId', description='The request ID.', example='69FC3E5E-D3D9-434B-90CA-BBA8E0551A47'),
  userSsoSettings?: {
    auxiliaryDomain?: string(name='AuxiliaryDomain', description='The auxiliary domain name.', example='example.com'),
    metadataDocument?: string(name='MetadataDocument', description='The metadata file, which is Base64-encoded.', example='PD94bWwgdmVy****'),
    ssoEnabled?: boolean(name='SsoEnabled', description='Indicates whether user-based SSO is enabled.', example='false'),
    ssoLoginWithDomain?: boolean(name='SsoLoginWithDomain', description='Indicates whether the Security Assertion Markup Language (SAML) SSO requires a domain name in the `<saml:NameID>` element of the SAML response. If yes, the username specified by the identity provider (IdP) for SSO must have a domain name as the suffix.

*   If the value of the parameter is `true`, the `<saml:NameID>` element **must** be in the `username@domain` format. You can set `domain` to the default domain name or the configured domain alias.
*   If the value of the parameter is `false`, the `<saml:NameID>` element **must** be in the `username` format and **cannot** contain the `domain` suffix.

The default value is `true`.', example='true'),
  }(name='UserSsoSettings', description='The configurations of user-based SSO.'),
}

model GetUserSsoSettingsResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: GetUserSsoSettingsResponseBody(name='body'),
}

/**
 * @summary Queries the configurations of user-based single sign-on (SSO).
 *
 * @param request GetUserSsoSettingsRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return GetUserSsoSettingsResponse
 */
async function getUserSsoSettingsWithOptions(runtime: Util.RuntimeOptions): GetUserSsoSettingsResponse {
  var req = new OpenApi.OpenApiRequest{};
  var params = new OpenApi.Params{
    action = 'GetUserSsoSettings',
    version = '2019-08-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if (Util.isUnset(@signatureVersion) || !Util.equalString(@signatureVersion, 'v4')) {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Queries the configurations of user-based single sign-on (SSO).
 *
 * @return GetUserSsoSettingsResponse
 */
async function getUserSsoSettings(): GetUserSsoSettingsResponse {
  var runtime = new Util.RuntimeOptions{};
  return getUserSsoSettingsWithOptions(runtime);
}

model GetVerificationInfoRequest {
  userPrincipalName?: string(name='UserPrincipalName', description='The logon name of the RAM user.', example='test@example.onaliyun.com'),
}

model GetVerificationInfoResponseBody = {
  requestId?: string(name='RequestId', description='The request ID.', example='B182C041-8C64-5F2F-A07B-FC67FAF89CF9'),
  securityEmailDevice?: {
    email?: string(name='Email', description='The email address.', example='username@example.com'),
    status?: string(name='Status', description='The status of the email. Valid values:

*   active: The email is activated.
*   pending: The email is pending for activation.', example='active'),
  }(name='SecurityEmailDevice', description='The information about the email.'),
  securityPhoneDevice?: {
    areaCode?: string(name='AreaCode', description='The international dialing code.', example='86'),
    phoneNumber?: string(name='PhoneNumber', description='The mobile phone number.', example='13900001234'),
    status?: string(name='Status', description='The status of the mobile phone. Valid values:

*   active: The mobile phone is activated.
*   pending: The mobile phone is pending for activation.', example='active'),
  }(name='SecurityPhoneDevice', description='The information about the mobile phone.'),
}

model GetVerificationInfoResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: GetVerificationInfoResponseBody(name='body'),
}

/**
 * @summary Queries the status of the mobile phone or email that is bound to a Resource Access Management (RAM) user.
 *
 * @param request GetVerificationInfoRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return GetVerificationInfoResponse
 */
async function getVerificationInfoWithOptions(request: GetVerificationInfoRequest, runtime: Util.RuntimeOptions): GetVerificationInfoResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.userPrincipalName)) {
    query['UserPrincipalName'] = request.userPrincipalName;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'GetVerificationInfo',
    version = '2019-08-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if (Util.isUnset(@signatureVersion) || !Util.equalString(@signatureVersion, 'v4')) {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Queries the status of the mobile phone or email that is bound to a Resource Access Management (RAM) user.
 *
 * @param request GetVerificationInfoRequest
 * @return GetVerificationInfoResponse
 */
async function getVerificationInfo(request: GetVerificationInfoRequest): GetVerificationInfoResponse {
  var runtime = new Util.RuntimeOptions{};
  return getVerificationInfoWithOptions(request, runtime);
}

model ListAccessKeysRequest {
  userPrincipalName?: string(name='UserPrincipalName', description='The logon name of the RAM user.

If this parameter is empty, the AccessKey pairs of the current user are queried.', example='test@example.onaliyun.com'),
}

model ListAccessKeysResponseBody = {
  accessKeys?: {
    accessKey?: [ 
    {
      accessKeyId?: string(name='AccessKeyId', description='The AccessKey ID.', example='0wNEpMMlzy7s****'),
      createDate?: string(name='CreateDate', description='The time when the AccessKey pair was created.', example='2020-10-13T12:33:18Z'),
      status?: string(name='Status', description='The status of the AccessKey pair. Valid values:

*   Active
*   Inactive', example='Active'),
      updateDate?: string(name='UpdateDate', description='The time when the AccessKey pair was updated.', example='2020-10-13T12:33:18Z'),
    }
  ](name='AccessKey')
  }(name='AccessKeys', description='The information about the AccessKey pairs.'),
  requestId?: string(name='RequestId', description='The request ID.', example='4B450CA1-36E8-4AA2-8461-86B42BF4CC4E'),
}

model ListAccessKeysResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: ListAccessKeysResponseBody(name='body'),
}

/**
 * @summary Queries the AccessKey pairs of an Alibaba Cloud account or a Resource Access Management (RAM) user.
 *
 * @param request ListAccessKeysRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return ListAccessKeysResponse
 */
async function listAccessKeysWithOptions(request: ListAccessKeysRequest, runtime: Util.RuntimeOptions): ListAccessKeysResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.userPrincipalName)) {
    query['UserPrincipalName'] = request.userPrincipalName;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'ListAccessKeys',
    version = '2019-08-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if (Util.isUnset(@signatureVersion) || !Util.equalString(@signatureVersion, 'v4')) {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Queries the AccessKey pairs of an Alibaba Cloud account or a Resource Access Management (RAM) user.
 *
 * @param request ListAccessKeysRequest
 * @return ListAccessKeysResponse
 */
async function listAccessKeys(request: ListAccessKeysRequest): ListAccessKeysResponse {
  var runtime = new Util.RuntimeOptions{};
  return listAccessKeysWithOptions(request, runtime);
}

model ListAccessKeysInRecycleBinRequest {
  userId?: string(name='UserId', description='The ID of the Resource Access Management (RAM) user.', example='20732900249392****'),
}

model ListAccessKeysInRecycleBinResponseBody = {
  accessKeys?: {
    accessKey?: [ 
    {
      accessKeyId?: string(name='AccessKeyId', description='The AccessKey ID.', example='LTAI4GFTgcR8m8cZQDTH****'),
      createDate?: string(name='CreateDate', description='The time when the AccessKey pair was created.', example='2020-10-11T09:12:00Z'),
      deleteDate?: string(name='DeleteDate', description='The time when the AccessKey pair will be permanently deleted from the recycle bin.', example='2020-11-12T09:12:00Z'),
      recycleDate?: string(name='RecycleDate', description='The time when the AccessKey pair was deleted and moved to the recycle bin.', example='2020-10-12T09:12:00Z'),
    }
  ](name='AccessKey')
  }(name='AccessKeys', description='The information about the AccessKey pairs.'),
  requestId?: string(name='RequestId', description='The request ID.', example='4507D1CD-526A-4E2B-A1E2-3AB045D1EE0B'),
}

model ListAccessKeysInRecycleBinResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: ListAccessKeysInRecycleBinResponseBody(name='body'),
}

/**
 * @summary Queries the AccessKey pairs of a specific Resource Access Management (RAM) user in the recycle bin.
 *
 * @param request ListAccessKeysInRecycleBinRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return ListAccessKeysInRecycleBinResponse
 */
async function listAccessKeysInRecycleBinWithOptions(request: ListAccessKeysInRecycleBinRequest, runtime: Util.RuntimeOptions): ListAccessKeysInRecycleBinResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.userId)) {
    query['UserId'] = request.userId;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'ListAccessKeysInRecycleBin',
    version = '2019-08-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if (Util.isUnset(@signatureVersion) || !Util.equalString(@signatureVersion, 'v4')) {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Queries the AccessKey pairs of a specific Resource Access Management (RAM) user in the recycle bin.
 *
 * @param request ListAccessKeysInRecycleBinRequest
 * @return ListAccessKeysInRecycleBinResponse
 */
async function listAccessKeysInRecycleBin(request: ListAccessKeysInRecycleBinRequest): ListAccessKeysInRecycleBinResponse {
  var runtime = new Util.RuntimeOptions{};
  return listAccessKeysInRecycleBinWithOptions(request, runtime);
}

model ListAppSecretIdsRequest {
  appId?: string(name='AppId', description='The ID of the application.

This parameter is required.', example='472457090344041****'),
}

model ListAppSecretIdsResponseBody = {
  appSecrets?: {
    appSecret?: [ 
    {
      appId?: string(name='AppId', description='The ID of the application.', example='472457090344041****'),
      appSecretId?: string(name='AppSecretId', description='The ID of the application secret.', example='2efd5004-005c-4f05-83c6-5b1dd176****'),
      createDate?: string(name='CreateDate', description='The creation time.', example='2020-10-26T03:18:39Z'),
    }
  ](name='AppSecret')
  }(name='AppSecrets', description='The details of the application secret.'),
  requestId?: string(name='RequestId', description='The request ID.', example='5F2FD500-7173-47D6-BD2F-EB60879B4F16'),
}

model ListAppSecretIdsResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: ListAppSecretIdsResponseBody(name='body'),
}

/**
 * @summary Queries the secret IDs of an application.
 *
 * @param request ListAppSecretIdsRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return ListAppSecretIdsResponse
 */
async function listAppSecretIdsWithOptions(request: ListAppSecretIdsRequest, runtime: Util.RuntimeOptions): ListAppSecretIdsResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.appId)) {
    query['AppId'] = request.appId;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'ListAppSecretIds',
    version = '2019-08-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if (Util.isUnset(@signatureVersion) || !Util.equalString(@signatureVersion, 'v4')) {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Queries the secret IDs of an application.
 *
 * @param request ListAppSecretIdsRequest
 * @return ListAppSecretIdsResponse
 */
async function listAppSecretIds(request: ListAppSecretIdsRequest): ListAppSecretIdsResponse {
  var runtime = new Util.RuntimeOptions{};
  return listAppSecretIdsWithOptions(request, runtime);
}

model ListApplicationProvisionInfosRequest {
  sourceType?: string(name='SourceType', description='The source of the applications. Valid values:

*   inner: The applications are from the current account.
*   external: The applications are from other accounts.', example='external'),
}

model ListApplicationProvisionInfosResponseBody = {
  applicationProvisionInfos?: {
    applicationProvisionInfo?: [ 
    {
      accountId?: string(name='AccountId', description='The ID of the Alibaba Cloud account.', example='177242285274****'),
      appId?: string(name='AppId', description='The ID of the application.', example='452392483381546****'),
      appName?: string(name='AppName', description='The name of the application.', example='GiteePrd'),
      createDate?: string(name='CreateDate', description='The time when the application was installed. The value is a timestamp.', example='1603693518000'),
      delegatedScope?: {
        predefinedScopes?: {
          predefinedScope?: [ 
          {
            description?: string(name='Description', description='The description of the permission.', example='Obtains the OpenID of the user. This is the default scope and cannot be deleted.'),
            name?: string(name='Name', description='The name of the permission.', example='openid'),
          }
        ](name='PredefinedScope')
        }(name='PredefinedScopes', description='The information about the permissions that are granted to the application.'),
      }(name='DelegatedScope', description='The information about the permissions that are granted to the application.'),
      displayName?: string(name='DisplayName', description='The display name of the application.', example='GiteeAliyun'),
      updateDate?: string(name='UpdateDate', description='The update time. The value is a timestamp.', example='1603693518000'),
    }
  ](name='ApplicationProvisionInfo')
  }(name='ApplicationProvisionInfos', description='The information about the installed applications.'),
  requestId?: string(name='RequestId', description='The request ID.', example='E403EBFD-C997-489D-BFC7-37C05E66D67C'),
}

model ListApplicationProvisionInfosResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: ListApplicationProvisionInfosResponseBody(name='body'),
}

/**
 * @summary Queries installation information about all installed applications.
 *
 * @param request ListApplicationProvisionInfosRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return ListApplicationProvisionInfosResponse
 */
async function listApplicationProvisionInfosWithOptions(request: ListApplicationProvisionInfosRequest, runtime: Util.RuntimeOptions): ListApplicationProvisionInfosResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.sourceType)) {
    query['SourceType'] = request.sourceType;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'ListApplicationProvisionInfos',
    version = '2019-08-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if (Util.isUnset(@signatureVersion) || !Util.equalString(@signatureVersion, 'v4')) {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Queries installation information about all installed applications.
 *
 * @param request ListApplicationProvisionInfosRequest
 * @return ListApplicationProvisionInfosResponse
 */
async function listApplicationProvisionInfos(request: ListApplicationProvisionInfosRequest): ListApplicationProvisionInfosResponse {
  var runtime = new Util.RuntimeOptions{};
  return listApplicationProvisionInfosWithOptions(request, runtime);
}

model ListApplicationsResponseBody = {
  applications?: {
    application?: [ 
    {
      accessTokenValidity?: int32(name='AccessTokenValidity', description='The validity period of the access token. Unit: seconds.', example='3600'),
      accountId?: string(name='AccountId', description='The ID of the Alibaba Cloud account to which the application belongs.', example='177242285274****'),
      appId?: string(name='AppId', description='The ID of the application.', example='441442900344560****'),
      appName?: string(name='AppName', description='The application name.', example='myapp'),
      appType?: string(name='AppType', description='The application type. Valid values:

*   WebApp: a web application.
*   NativeApp: a native application that runs on an operating system, such as a desktop or mobile operating system.
*   ServerApp: an application that can access Alibaba Cloud services without the need for user logon. Only applications that synchronize user information based on the System for Cross-domain Identity Management (SCIM) protocol are supported.', example='WebApp'),
      createDate?: string(name='CreateDate', description='The creation time.', example='2020-10-23T09:33:22Z'),
      delegatedScope?: {
        predefinedScopes?: {
          predefinedScope?: [ 
          {
            description?: string(name='Description', description='The description of the permission.', example='Obtain the OpenID of the user. This is the default permission that you cannot remove.'),
            name?: string(name='Name', description='The name of the permission.', example='openid'),
            required?: boolean(name='Required', description='Indicates whether the permission is automatically selected by default when you install the application. Valid values:

*   true
*   false

`openid` is required by default.', example='true'),
          }
        ](name='PredefinedScope')
        }(name='PredefinedScopes', description='The information about the permissions that are granted on the application.'),
      }(name='DelegatedScope', description='The information about the permissions that are granted on the application.'),
      displayName?: string(name='DisplayName', description='The display name of the application.', example='myapp'),
      isMultiTenant?: boolean(name='IsMultiTenant', description='Indicates whether the application can be installed by using other Alibaba Cloud accounts.', example='true'),
      redirectUris?: {
        redirectUri?: [ string ](name='RedirectUri')
      }(name='RedirectUris', description='The callback URLs.'),
      refreshTokenValidity?: int32(name='RefreshTokenValidity', description='The validity period of the refresh token. Unit: seconds.', example='7776000'),
      secretRequired?: boolean(name='SecretRequired', description='Indicates whether a secret is required.', example='true'),
      updateDate?: string(name='UpdateDate', description='The update time.', example='2020-10-23T09:33:22Z'),
    }
  ](name='Application')
  }(name='Applications', description='The information about the application.'),
  requestId?: string(name='RequestId', description='The ID of the request.', example='CE458B58-8C40-46F7-A9D4-CB85136B0C06'),
}

model ListApplicationsResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: ListApplicationsResponseBody(name='body'),
}

/**
 * @summary Lists the created applications.
 *
 * @description This topic provides an example on how to query the applications within the current account. The returned result shows that only one application named `myapp` belongs to the current account.
 *
 * @param request ListApplicationsRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return ListApplicationsResponse
 */
async function listApplicationsWithOptions(runtime: Util.RuntimeOptions): ListApplicationsResponse {
  var req = new OpenApi.OpenApiRequest{};
  var params = new OpenApi.Params{
    action = 'ListApplications',
    version = '2019-08-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if (Util.isUnset(@signatureVersion) || !Util.equalString(@signatureVersion, 'v4')) {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Lists the created applications.
 *
 * @description This topic provides an example on how to query the applications within the current account. The returned result shows that only one application named `myapp` belongs to the current account.
 *
 * @return ListApplicationsResponse
 */
async function listApplications(): ListApplicationsResponse {
  var runtime = new Util.RuntimeOptions{};
  return listApplicationsWithOptions(runtime);
}

model ListExternalApplicationsResponseBody = {
  externalApplications?: {
    externalApplication?: [ 
    {
      appPrincipalName?: string(name='AppPrincipalName', description='The name of the external application principal. The value is in the `<app_name>@app.<account_id>.onaliyun.com` format.', example='GiteePrd@app.153082740420****.onaliyun.com'),
      createDate?: string(name='CreateDate', description='The time when the external application was installed. The value is a timestamp.', example='1603693318000'),
      delegatedScope?: {
        predefinedScopes?: {
          predefinedScope?: [ 
          {
            description?: string(name='Description', description='The description of the permission.', example='Obtains the OpenID of the user. This is the default scope and cannot be deleted.'),
            name?: string(name='Name', description='The name of the permission.', example='openid'),
          }
        ](name='PredefinedScope')
        }(name='PredefinedScopes', description='The information about the permissions that are granted to the external application.'),
      }(name='DelegatedScope', description='The information about the permissions that are granted to the external application.'),
      displayName?: string(name='DisplayName', description='The display name of the external application.', example='GiteeAliyun'),
      foreignAppId?: string(name='ForeignAppId', description='The ID of the external application.', example='407426893752729****'),
      tenantId?: string(name='TenantId', description='The ID of the Alibaba Cloud account for which the external application was installed.', example='173082740420****'),
      updateDate?: string(name='UpdateDate', description='The update time of the external application. The value is a timestamp.', example='1603693518000'),
    }
  ](name='ExternalApplication')
  }(name='ExternalApplications', description='The information about the external applications.'),
  isTruncated?: boolean(name='IsTruncated', description='Indicates whether the response is truncated. Valid values:

*   true
*   false', example='true'),
  marker?: string(name='Marker', description='A pagination token. It can be used in the next request to retrieve a new page of results.

>  This parameter is returned only when `IsTruncated` is `true`.', example='EXAMPLE'),
  requestId?: string(name='RequestId', description='The request ID.', example='936E1D9C-157D-45BD-8A3B-81C0716EB077'),
}

model ListExternalApplicationsResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: ListExternalApplicationsResponseBody(name='body'),
}

/**
 * @summary Queries information about all installed external applications.
 *
 * @param request ListExternalApplicationsRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return ListExternalApplicationsResponse
 */
async function listExternalApplicationsWithOptions(runtime: Util.RuntimeOptions): ListExternalApplicationsResponse {
  var req = new OpenApi.OpenApiRequest{};
  var params = new OpenApi.Params{
    action = 'ListExternalApplications',
    version = '2019-08-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if (Util.isUnset(@signatureVersion) || !Util.equalString(@signatureVersion, 'v4')) {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Queries information about all installed external applications.
 *
 * @return ListExternalApplicationsResponse
 */
async function listExternalApplications(): ListExternalApplicationsResponse {
  var runtime = new Util.RuntimeOptions{};
  return listExternalApplicationsWithOptions(runtime);
}

model ListGroupsRequest {
  marker?: string(name='Marker', description='The `marker`. If part of a previous response is truncated, you can use this parameter to obtain the truncated part.', example='EXAMPLE'),
  maxItems?: int32(name='MaxItems', description='The number of entries to return. If a response is truncated because it reaches the value of `MaxItems`, the value of `IsTruncated` will be `true`.

Valid values: 1 to 100. Default value: 100.', example='100'),
}

model ListGroupsResponseBody = {
  groups?: {
    group?: [ 
    {
      comments?: string(name='Comments', description='The description.', example='Dev-Team'),
      createDate?: string(name='CreateDate', description='The creation time.', example='2020-10-19T12:33:18Z'),
      displayName?: string(name='DisplayName', description='The display name of the RAM user group.', example='Dev-Team'),
      groupId?: string(name='GroupId', description='The ID of the RAM user group.', example='740317625433843****'),
      groupName?: string(name='GroupName', description='The name of the RAM user group.', example='dev-team'),
      updateDate?: string(name='UpdateDate', description='The update time.', example='2020-10-19T12:33:18Z'),
    }
  ](name='Group')
  }(name='Groups', description='The information about the RAM user groups.'),
  isTruncated?: boolean(name='IsTruncated', description='Indicates whether the response is truncated. Valid values:

*   true
*   false', example='true'),
  marker?: string(name='Marker', description='The `marker`. This parameter is returned only if the value of `IsTruncated` is `true`. If the parameter is returned, you can call this operation again and set this parameter to obtain the truncated part.', example='EXAMPLE'),
  requestId?: string(name='RequestId', description='The request ID.', example='065527AA-2F2E-AD7C-7484-F2626CFE4934'),
}

model ListGroupsResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: ListGroupsResponseBody(name='body'),
}

/**
 * @summary Queries Resource Access Management (RAM) user groups.
 *
 * @param request ListGroupsRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return ListGroupsResponse
 */
async function listGroupsWithOptions(request: ListGroupsRequest, runtime: Util.RuntimeOptions): ListGroupsResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.marker)) {
    query['Marker'] = request.marker;
  }
  if (!Util.isUnset(request.maxItems)) {
    query['MaxItems'] = request.maxItems;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'ListGroups',
    version = '2019-08-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if (Util.isUnset(@signatureVersion) || !Util.equalString(@signatureVersion, 'v4')) {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Queries Resource Access Management (RAM) user groups.
 *
 * @param request ListGroupsRequest
 * @return ListGroupsResponse
 */
async function listGroups(request: ListGroupsRequest): ListGroupsResponse {
  var runtime = new Util.RuntimeOptions{};
  return listGroupsWithOptions(request, runtime);
}

model ListGroupsForUserRequest {
  userPrincipalName?: string(name='UserPrincipalName', description='The logon name of the RAM user.

This parameter is required.', example='test@example.onaliyun.com'),
}

model ListGroupsForUserResponseBody = {
  groups?: {
    group?: [ 
    {
      comments?: string(name='Comments', description='The description.', example='Test-Team'),
      displayName?: string(name='DisplayName', description='The display name of the RAM user group.', example='Test-Team'),
      groupId?: string(name='GroupId', description='The ID of the RAM user group.', example='740317625433843****'),
      groupName?: string(name='GroupName', description='The name of the RAM user group.', example='Test-Team'),
      joinDate?: string(name='JoinDate', description='The time when the RAM user was added.', example='2020-10-20T06:57:00Z'),
    }
  ](name='Group')
  }(name='Groups', description='The information about the RAM user groups.'),
  requestId?: string(name='RequestId', description='The request ID.', example='7158A935-FB5E-49A7-8E52-FDA5B2B67247'),
}

model ListGroupsForUserResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: ListGroupsForUserResponseBody(name='body'),
}

/**
 * @summary Queries the Resource Access Management (RAM) user groups to which a RAM user belongs.
 *
 * @param request ListGroupsForUserRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return ListGroupsForUserResponse
 */
async function listGroupsForUserWithOptions(request: ListGroupsForUserRequest, runtime: Util.RuntimeOptions): ListGroupsForUserResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.userPrincipalName)) {
    query['UserPrincipalName'] = request.userPrincipalName;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'ListGroupsForUser',
    version = '2019-08-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if (Util.isUnset(@signatureVersion) || !Util.equalString(@signatureVersion, 'v4')) {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Queries the Resource Access Management (RAM) user groups to which a RAM user belongs.
 *
 * @param request ListGroupsForUserRequest
 * @return ListGroupsForUserResponse
 */
async function listGroupsForUser(request: ListGroupsForUserRequest): ListGroupsForUserResponse {
  var runtime = new Util.RuntimeOptions{};
  return listGroupsForUserWithOptions(request, runtime);
}

model ListOIDCProvidersRequest {
  marker?: string(name='Marker', description='The `marker`. If part of a previous response is truncated, you can use this parameter to obtain the truncated part.', example='EXAMPLE'),
  maxItems?: int32(name='MaxItems', description='The number of entries per page. If a response is truncated because it reaches the value of `MaxItems`, the value of `IsTruncated` will be `true`.

Valid values: 1 to 100. Default value: 100.', example='100'),
}

model ListOIDCProvidersResponseBody = {
  isTruncated?: boolean(name='IsTruncated', description='Indicates whether the response is truncated. Valid values:

*   true
*   false', example='false'),
  marker?: string(name='Marker', description='The `marker`. This parameter is returned only if the value of `IsTruncated` is `true`. If the parameter is returned, you can call this operation again and set this parameter to obtain the truncated part.``', example='EXAMPLE'),
  OIDCProviders?: {
    OIDCProvider?: [ 
    {
      arn?: string(name='Arn', description='The Alibaba Cloud Resource Name (ARN) of the OIDC IdP.', example='acs:ram::177242285274****:oidc-provider/TestOIDCProvider'),
      clientIds?: string(name='ClientIds', description='The ID of the client, If you want to specify multiple client IDs, separate the client IDs with commas (,).', example='498469743454717****'),
      createDate?: string(name='CreateDate', description='The time when the OIDC IdP was created. The time is displayed in UTC.', example='2021-11-11T06:56:03Z'),
      description?: string(name='Description', description='The description of the OIDC IdP.', example='This is a new OIDC Provider.'),
      fingerprints?: string(name='Fingerprints', description='The fingerprint of the HTTPS certificate. If multiple fingerprints are returned, the fingerprints are separated by commas (,).', example='902ef2deeb3c5b13ea4c3d5193629309e231****'),
      gmtCreate?: string(name='GmtCreate', description='The timestamp when the OIDC IdP was created.', example='1636613763000'),
      gmtModified?: string(name='GmtModified', description='The timestamp when the OIDC IdP was modified.', example='1636706309000'),
      issuanceLimitTime?: long(name='IssuanceLimitTime', description='The earliest time when an external IdP can issue an ID token. If the value of the iat field in the ID token is later than the current time, the request is rejected. Unit: hours. Valid values: 1 to 168.', example='12'),
      issuerUrl?: string(name='IssuerUrl', description='The URL of the issuer.', example='https://dev-xxxxxx.okta.com'),
      OIDCProviderName?: string(name='OIDCProviderName', description='The name of the OIDC IdP.', example='TestOIDCProvider'),
      updateDate?: string(name='UpdateDate', description='The time when the OIDC IdP was modified. The time is displayed in UTC.', example='2021-11-12T08:38:29Z'),
    }
  ](name='OIDCProvider')
  }(name='OIDCProviders', description='The information about the OIDC IdP.'),
  requestId?: string(name='RequestId', description='The request ID.', example='D2148337-B86A-57F0-8B31-EB7BE0125226'),
}

model ListOIDCProvidersResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: ListOIDCProvidersResponseBody(name='body'),
}

/**
 * @summary Queries OIDC IdPs.
 *
 * @description ###
 * This topic provides an example on how to query all OpenID Connect (OIDC) identity providers (IdPs) within your Alibaba Cloud account. The response shows that your Alibaba Cloud account has only one OIDC IdP named `TestOIDCProvider`.
 *
 * @param request ListOIDCProvidersRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return ListOIDCProvidersResponse
 */
async function listOIDCProvidersWithOptions(request: ListOIDCProvidersRequest, runtime: Util.RuntimeOptions): ListOIDCProvidersResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.marker)) {
    query['Marker'] = request.marker;
  }
  if (!Util.isUnset(request.maxItems)) {
    query['MaxItems'] = request.maxItems;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'ListOIDCProviders',
    version = '2019-08-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if (Util.isUnset(@signatureVersion) || !Util.equalString(@signatureVersion, 'v4')) {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Queries OIDC IdPs.
 *
 * @description ###
 * This topic provides an example on how to query all OpenID Connect (OIDC) identity providers (IdPs) within your Alibaba Cloud account. The response shows that your Alibaba Cloud account has only one OIDC IdP named `TestOIDCProvider`.
 *
 * @param request ListOIDCProvidersRequest
 * @return ListOIDCProvidersResponse
 */
async function listOIDCProviders(request: ListOIDCProvidersRequest): ListOIDCProvidersResponse {
  var runtime = new Util.RuntimeOptions{};
  return listOIDCProvidersWithOptions(request, runtime);
}

model ListPasskeysRequest {
  userPrincipalName?: string(name='UserPrincipalName', description='The logon name of the RAM user.', example='test@example.onaliyun.com'),
}

model ListPasskeysResponseBody = {
  passkeys?: [ 
    {
      createDate?: string(name='CreateDate', description='The time when the passkey was created. The value is a timestamp.', example='1737450279'),
      lastUseDate?: string(name='LastUseDate', description='The time when the passkey was last used. The value is a timestamp.', example='1737450390'),
      passkeyId?: string(name='PasskeyId', description='The ID of the passkey.', example='PASSKEY-CuZjEHhWcr7GIQOMGvkS'),
      passkeyName?: string(name='PasskeyName', description='The name of the passkey.', example='device1'),
    }
  ](name='Passkeys', description='The information about the passkeys.'),
  requestId?: string(name='RequestId', description='The request ID.', example='04F0F334-1335-436C-A1D7-6C044FE73368'),
}

model ListPasskeysResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: ListPasskeysResponseBody(name='body'),
}

/**
 * @summary Queries the information about the passkeys that are bound to a Resource Access Management (RAM) user.
 *
 * @param request ListPasskeysRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return ListPasskeysResponse
 */
async function listPasskeysWithOptions(request: ListPasskeysRequest, runtime: Util.RuntimeOptions): ListPasskeysResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.userPrincipalName)) {
    query['UserPrincipalName'] = request.userPrincipalName;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'ListPasskeys',
    version = '2019-08-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if (Util.isUnset(@signatureVersion) || !Util.equalString(@signatureVersion, 'v4')) {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Queries the information about the passkeys that are bound to a Resource Access Management (RAM) user.
 *
 * @param request ListPasskeysRequest
 * @return ListPasskeysResponse
 */
async function listPasskeys(request: ListPasskeysRequest): ListPasskeysResponse {
  var runtime = new Util.RuntimeOptions{};
  return listPasskeysWithOptions(request, runtime);
}

model ListPredefinedScopesRequest {
  appType?: string(name='AppType', description='The type of the application. Valid values:

*   WebApp
*   NativeApp
*   ServerApp

If this parameter is empty, the permissions on all types of applications are queried.', example='WebApp'),
}

model ListPredefinedScopesResponseBody = {
  predefinedScopes?: {
    predefinedScope?: [ 
    {
      description?: string(name='Description', description='The description of the permission scope.', example='Obtain the OpenID of the user. This is the default permission that you cannot remove.'),
      name?: string(name='Name', description='The name of the permission scope.', example='openid'),
    }
  ](name='PredefinedScope')
  }(name='PredefinedScopes', description='The information about application permissions.'),
  requestId?: string(name='RequestId', description='The request ID.', example='955C096D-EC99-480B-AF37-3921109107D0'),
}

model ListPredefinedScopesResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: ListPredefinedScopesResponseBody(name='body'),
}

/**
 * @summary Queries predefined application permissions.
 *
 * @param request ListPredefinedScopesRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return ListPredefinedScopesResponse
 */
async function listPredefinedScopesWithOptions(request: ListPredefinedScopesRequest, runtime: Util.RuntimeOptions): ListPredefinedScopesResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.appType)) {
    query['AppType'] = request.appType;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'ListPredefinedScopes',
    version = '2019-08-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if (Util.isUnset(@signatureVersion) || !Util.equalString(@signatureVersion, 'v4')) {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Queries predefined application permissions.
 *
 * @param request ListPredefinedScopesRequest
 * @return ListPredefinedScopesResponse
 */
async function listPredefinedScopes(request: ListPredefinedScopesRequest): ListPredefinedScopesResponse {
  var runtime = new Util.RuntimeOptions{};
  return listPredefinedScopesWithOptions(request, runtime);
}

model ListRecentGovernanceMetricsResponseBody = {
  generateTime?: string(name='GenerateTime', description='The time when the report was generated.', example='2025-02-10T02:11:23Z'),
  governanceMetrics?: {
    governanceMetric?: [ 
    {
      governanceItem?: string(name='GovernanceItem', description='The name of the governance item.', example='RecentAccountLoginTimes'),
      metricType?: string(name='MetricType', description='The type of the metric value. Valid values:

*   Number
*   String
*   Boolean', example='Number'),
      metricValue?: any(name='MetricValue', description='The metric value. The type of the metric value is determined by `MetricType`.', example='5'),
    }
  ](name='GovernanceMetric')
  }(name='GovernanceMetrics', description='The metric values of all governance items. The value of the parameter is an array, and each row in the array contains the metric value of a governance item.'),
  requestId?: string(name='RequestId', description='The request ID.', example='49846A91-C1C5-5C2B-BC64-8B0B7BADB4C0'),
}

model ListRecentGovernanceMetricsResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: ListRecentGovernanceMetricsResponseBody(name='body'),
}

/**
 * @summary Queries all metric values in the most recent governance check.
 *
 * @param request ListRecentGovernanceMetricsRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return ListRecentGovernanceMetricsResponse
 */
async function listRecentGovernanceMetricsWithOptions(runtime: Util.RuntimeOptions): ListRecentGovernanceMetricsResponse {
  var req = new OpenApi.OpenApiRequest{};
  var params = new OpenApi.Params{
    action = 'ListRecentGovernanceMetrics',
    version = '2019-08-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if (Util.isUnset(@signatureVersion) || !Util.equalString(@signatureVersion, 'v4')) {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Queries all metric values in the most recent governance check.
 *
 * @return ListRecentGovernanceMetricsResponse
 */
async function listRecentGovernanceMetrics(): ListRecentGovernanceMetricsResponse {
  var runtime = new Util.RuntimeOptions{};
  return listRecentGovernanceMetricsWithOptions(runtime);
}

model ListSAMLProvidersRequest {
  marker?: string(name='Marker', description='The `marker`. If part of a previous response is truncated, you can use this parameter to obtain the truncated part.', example='EXAMPLE'),
  maxItems?: int32(name='MaxItems', description='The number of entries to return. If a response is truncated because it reaches the value of `MaxItems`, the value of `IsTruncated` will be `true`.

Valid values: 1 to 100. Default value: 100.', example='100'),
}

model ListSAMLProvidersResponseBody = {
  isTruncated?: boolean(name='IsTruncated', description='Indicates whether the response is truncated. Valid values:

*   true
*   false', example='true'),
  marker?: string(name='Marker', description='The `marker`. This parameter is returned only if the value of `IsTruncated` is `true`. If the parameter is returned, you can call this operation again and set this parameter to obtain the truncated part.``', example='EXAMPLE'),
  requestId?: string(name='RequestId', description='The request ID.', example='2D8B70D3-E194-41C9-93C5-F6A10D716D24'),
  SAMLProviders?: {
    SAMLProvider?: [ 
    {
      arn?: string(name='Arn', description='The Alibaba Cloud Resource Name (ARN) of the IdP.', example='acs:ram::177242285274****:saml-provider/test-provider'),
      createDate?: string(name='CreateDate', description='The creation time.', example='2020-10-22T06:26:15Z'),
      description?: string(name='Description', description='The description.', example='This is a provider.'),
      SAMLProviderName?: string(name='SAMLProviderName', description='The name of the IdP.', example='test-provider'),
      updateDate?: string(name='UpdateDate', description='The update time.', example='2020-10-22T06:26:15Z'),
    }
  ](name='SAMLProvider')
  }(name='SAMLProviders', description='The information about IdPs.'),
}

model ListSAMLProvidersResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: ListSAMLProvidersResponseBody(name='body'),
}

/**
 * @summary Queries information about identity providers (IdPs) for role-based single sign-on (SSO).
 *
 * @param request ListSAMLProvidersRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return ListSAMLProvidersResponse
 */
async function listSAMLProvidersWithOptions(request: ListSAMLProvidersRequest, runtime: Util.RuntimeOptions): ListSAMLProvidersResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.marker)) {
    query['Marker'] = request.marker;
  }
  if (!Util.isUnset(request.maxItems)) {
    query['MaxItems'] = request.maxItems;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'ListSAMLProviders',
    version = '2019-08-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if (Util.isUnset(@signatureVersion) || !Util.equalString(@signatureVersion, 'v4')) {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Queries information about identity providers (IdPs) for role-based single sign-on (SSO).
 *
 * @param request ListSAMLProvidersRequest
 * @return ListSAMLProvidersResponse
 */
async function listSAMLProviders(request: ListSAMLProvidersRequest): ListSAMLProvidersResponse {
  var runtime = new Util.RuntimeOptions{};
  return listSAMLProvidersWithOptions(request, runtime);
}

model ListTagResourcesRequest {
  nextToken?: string(name='NextToken', description='The token that is used to initiate the next request if the response of the current request is truncated. You can use the token to initiate another request and obtain the remaining records.', example='caeba0bbb2be03f84eb48b699f0a4883'),
  pageSize?: int32(name='PageSize', description='The number of entries per page. If a response is truncated because it reaches the value of PageSize, the value of IsTruncated will be true. Valid values: 1 to 100. Default value: 100.', example='2'),
  resourceId?: [ string ](name='ResourceId', description='The ID of resource N.

Valid values of N: 1 to 50. If ResourceType is set to user, the resource ID is the ID of the RAM user.

> You must specify only one of the following parameters: ResourceId and ResourcePrincipalName.'),
  resourcePrincipalName?: [ string ](name='ResourcePrincipalName', description='The name of resource N.

Valid values of N: 1 to 50. If ResourceType is set to user, the resource name is the name of the RAM user.

> You must specify only one of the following parameters: ResourceId and ResourcePrincipalName.'),
  resourceType?: string(name='ResourceType', description='The type of the resource. Valid value:

*   user: a RAM user', example='user'),
  tag?: [ 
    {
      key?: string(name='Key', description='The key of tag N.

Valid values of N: 1 to 20. N must be consecutive.', example='operator'),
      value?: string(name='Value', description='The value of tag N.

Valid values of N: 1 to 20. N must be consecutive.', example='alice'),
    }
  ](name='Tag', description='The tag value.

Valid values of N: 1 to 20. N must be consecutive.'),
}

model ListTagResourcesResponseBody = {
  isTruncated?: boolean(name='IsTruncated', description='Indicates whether the response is truncated. Valid values:

*   true
*   false', example='true'),
  nextToken?: string(name='NextToken', description='The marker. This parameter is returned only if the value of IsTruncated is true. If the parameter is returned, you can call this operation again and set this parameter to obtain the truncated part.', example='caeba0bbb2be03f84eb48b699f0a****'),
  requestId?: string(name='RequestId', description='The request ID.', example='4BE83135-0B08-467C-B3A2-27B312FD0F57'),
  tagResources?: {
    tagResource?: [ 
    {
      resourceId?: string(name='ResourceId', description='The ID of the resource.', example='20732900249392****'),
      resourceType?: string(name='ResourceType', description='The type of the resource. Valid values:

*   user: a RAM user', example='user'),
      tagKey?: string(name='TagKey', description='The tag key.', example='operator'),
      tagValue?: string(name='TagValue', description='The tag value.', example='alice'),
    }
  ](name='TagResource')
  }(name='TagResources', description='The tag key.'),
}

model ListTagResourcesResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: ListTagResourcesResponseBody(name='body'),
}

/**
 * @summary Queries the tags that are added resources.
 *
 * @description ###
 * You must specify at least one of the following parameters or parameter pairs in a request to determine a query object:
 * *   `ResourceId.N`
 * *   `Tag.N.Key`
 * *   `Tag.N.Key` and `Tag.N.Value`
 *
 * @param request ListTagResourcesRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return ListTagResourcesResponse
 */
async function listTagResourcesWithOptions(request: ListTagResourcesRequest, runtime: Util.RuntimeOptions): ListTagResourcesResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.nextToken)) {
    query['NextToken'] = request.nextToken;
  }
  if (!Util.isUnset(request.pageSize)) {
    query['PageSize'] = request.pageSize;
  }
  if (!Util.isUnset(request.resourceId)) {
    query['ResourceId'] = request.resourceId;
  }
  if (!Util.isUnset(request.resourcePrincipalName)) {
    query['ResourcePrincipalName'] = request.resourcePrincipalName;
  }
  if (!Util.isUnset(request.resourceType)) {
    query['ResourceType'] = request.resourceType;
  }
  if (!Util.isUnset(request.tag)) {
    query['Tag'] = request.tag;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'ListTagResources',
    version = '2019-08-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if (Util.isUnset(@signatureVersion) || !Util.equalString(@signatureVersion, 'v4')) {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Queries the tags that are added resources.
 *
 * @description ###
 * You must specify at least one of the following parameters or parameter pairs in a request to determine a query object:
 * *   `ResourceId.N`
 * *   `Tag.N.Key`
 * *   `Tag.N.Key` and `Tag.N.Value`
 *
 * @param request ListTagResourcesRequest
 * @return ListTagResourcesResponse
 */
async function listTagResources(request: ListTagResourcesRequest): ListTagResourcesResponse {
  var runtime = new Util.RuntimeOptions{};
  return listTagResourcesWithOptions(request, runtime);
}

model ListUserBasicInfosRequest {
  marker?: string(name='Marker', description='The `marker`. If part of a previous response is truncated, you can use this parameter to obtain the truncated part.', example='EXAMPLE'),
  maxItems?: int32(name='MaxItems', description='The number of entries to return. If a response is truncated because it reaches the value of `MaxItems`, the value of `IsTruncated` will be `true`.

Valid values: 1 to 1000. Default value: 100.', example='100'),
  status?: string(name='Status', description='The status of the RAM users that you want to query. Valid values: active, freeze, and active,freeze. If you set the value to active,freeze, RAM users in both active and freeze states are queried. If you leave the parameter empty, the value active is used by default. If the Tag parameter is specified, you cannot specify the Status parameter. In this case, RAM users in both states are queried.', example='active'),
  tag?: [ 
    {
      key?: string(name='Key', description='The key of tag N.

Valid values of N: 1 to 20. N must be consecutive.', example='operator'),
      value?: string(name='Value', description='The value of tag N.

Valid values of N: 1 to 20. N must be consecutive.', example='alice'),
    }
  ](name='Tag', description='The tags.'),
}

model ListUserBasicInfosResponseBody = {
  isTruncated?: boolean(name='IsTruncated', description='Indicates whether the response is truncated. Valid values:

*   true
*   false', example='true'),
  marker?: string(name='Marker', description='The `marker`. This parameter is returned only if the value of `IsTruncated` is `true`. If the parameter is returned, you can call this operation again and set this parameter to obtain the truncated part.``', example='EXAMPLE'),
  requestId?: string(name='RequestId', description='The request ID.', example='EF2B25FD-CADE-445B-BE4D-E082E0FF1A0F'),
  userBasicInfos?: {
    userBasicInfo?: [ 
    {
      displayName?: string(name='DisplayName', description='The display name of the RAM user.', example='test'),
      status?: string(name='Status', description='The status of the RAM user.', example='active'),
      userId?: string(name='UserId', description='The ID of the RAM user.', example='20732900249392****'),
      userPrincipalName?: string(name='UserPrincipalName', description='The logon name of the RAM user.', example='test@example.onaliyun.com'),
    }
  ](name='UserBasicInfo')
  }(name='UserBasicInfos', description='The basic information about the RAM users.'),
}

model ListUserBasicInfosResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: ListUserBasicInfosResponseBody(name='body'),
}

/**
 * @summary Queries the basic information about all Resource Access Management (RAM) users.
 *
 * @description You can call the following API operations to query information about all RAM users:
 * *   ListUsers: queries the details of all RAM users.
 * *   ListUserBasicInfos: queries the basic information about all RAM users. The basic information includes only the logon names (`UserPrincipalName`), display names (`DisplayName`), and user IDs (`UserId`).
 *
 * @param request ListUserBasicInfosRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return ListUserBasicInfosResponse
 */
async function listUserBasicInfosWithOptions(request: ListUserBasicInfosRequest, runtime: Util.RuntimeOptions): ListUserBasicInfosResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.marker)) {
    query['Marker'] = request.marker;
  }
  if (!Util.isUnset(request.maxItems)) {
    query['MaxItems'] = request.maxItems;
  }
  if (!Util.isUnset(request.status)) {
    query['Status'] = request.status;
  }
  if (!Util.isUnset(request.tag)) {
    query['Tag'] = request.tag;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'ListUserBasicInfos',
    version = '2019-08-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if (Util.isUnset(@signatureVersion) || !Util.equalString(@signatureVersion, 'v4')) {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Queries the basic information about all Resource Access Management (RAM) users.
 *
 * @description You can call the following API operations to query information about all RAM users:
 * *   ListUsers: queries the details of all RAM users.
 * *   ListUserBasicInfos: queries the basic information about all RAM users. The basic information includes only the logon names (`UserPrincipalName`), display names (`DisplayName`), and user IDs (`UserId`).
 *
 * @param request ListUserBasicInfosRequest
 * @return ListUserBasicInfosResponse
 */
async function listUserBasicInfos(request: ListUserBasicInfosRequest): ListUserBasicInfosResponse {
  var runtime = new Util.RuntimeOptions{};
  return listUserBasicInfosWithOptions(request, runtime);
}

model ListUsersRequest {
  marker?: string(name='Marker', description='The `marker`. If part of a previous response is truncated, you can use this parameter to obtain the truncated part.', example='EXAMPLE'),
  maxItems?: int32(name='MaxItems', description='The number of entries per page. If a response is truncated because it reaches the value of `MaxItems`, the value of `IsTruncated` will be true.

Valid values: 1 to 1000. Default value: 1000.', example='1000'),
  status?: string(name='Status', description='The status of the RAM users that you want to query. Valid values: active, freeze, and active,freeze. If you leave the parameter empty, the value active is used by default. If you specify a value for the Tag parameter, users in both states are queried.', example='active'),
  tag?: [ 
    {
      key?: string(name='Key', description='The key of tag N.

Valid values of N: 1 to 20. N must be consecutive.', example='operator'),
      value?: string(name='Value', description='The value of tag N.

Valid values of N: 1 to 20. N must be consecutive.', example='alice'),
    }
  ](name='Tag', description='The tags. A maximum number of 20 tags are supported.'),
}

model ListUsersResponseBody = {
  isTruncated?: boolean(name='IsTruncated', description='Indicates whether the response is truncated. Valid values:

*   true
*   false', example='true'),
  marker?: string(name='Marker', description='The parameter that is used to obtain the truncated part. It takes effect only when `IsTruncated` is set to `true`.', example='EXAMPLE'),
  requestId?: string(name='RequestId', description='The request ID.', example='4B450CA1-36E8-4AA2-8461-86B42BF4CC4E'),
  users?: {
    user?: [ 
    {
      comments?: string(name='Comments', description='The description.', example='This is a cloud computing engineer.'),
      createDate?: string(name='CreateDate', description='The point in time when the RAM user was created. The time is displayed in UTC.', example='2020-10-12T09:12:00Z'),
      displayName?: string(name='DisplayName', description='The display name of the RAM user.', example='test'),
      email?: string(name='Email', description='The email address of the RAM user.

>  This parameter applies only to the Alibaba Cloud China site (aliyun.com).', example='alice@example.com'),
      lastLoginDate?: string(name='LastLoginDate', description='The timestamp when the RAM user last logged on to the console.', example='2020-10-12T09:12:00Z'),
      mobilePhone?: string(name='MobilePhone', description='The mobile phone number of the RAM user.

>  This parameter applies only to the Alibaba Cloud China site (aliyun.com).', example='86-1868888****'),
      provisionType?: string(name='ProvisionType', description='The source of the RAM user. Valid values:

*   Manual: The RAM user is manually created in the RAM console.
*   SCIM: The RAM user is mapped by using System for Cross-domain Identity Management (SCIM).
*   CloudSSO: The RAM user is mapped from a CloudSSO user.', example='CloudSSO'),
      status?: string(name='Status', description='The status of the RAM user.', example='active'),
      tags?: {
        tag?: [ 
        {
          tagKey?: string(name='TagKey', description='The key of the tag.', example='oparator'),
          tagValue?: string(name='TagValue', description='The value of the tag', example='alice'),
        }
      ](name='Tag')
      }(name='Tags', description='The tags.'),
      updateDate?: string(name='UpdateDate', description='The point in time when the information about the RAM user was last modified. The time is displayed in UTC.', example='2020-10-13T09:19:49Z'),
      userId?: string(name='UserId', description='The ID of the RAM user.', example='20732900249392****'),
      userPrincipalName?: string(name='UserPrincipalName', description='The logon name of the RAM user.', example='test@example.onaliyun.com'),
    }
  ](name='User')
  }(name='Users', description='The information about the RAM users.'),
}

model ListUsersResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: ListUsersResponseBody(name='body'),
}

/**
 * @summary Queries information about all Resource Access Management (RAM) users.
 *
 * @description ### [](#)
 * You can call the following API operations to query the details of all RAM users:
 * *   ListUsers: queries the details of all RAM users.
 * *   ListUserBasicInfos: queries the basic information about all RAM users. The basic information includes only the logon names (`UserPrincipalName`), display names (`DisplayName`), and user IDs (`UserId`).
 *
 * @param request ListUsersRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return ListUsersResponse
 */
async function listUsersWithOptions(request: ListUsersRequest, runtime: Util.RuntimeOptions): ListUsersResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.marker)) {
    query['Marker'] = request.marker;
  }
  if (!Util.isUnset(request.maxItems)) {
    query['MaxItems'] = request.maxItems;
  }
  if (!Util.isUnset(request.status)) {
    query['Status'] = request.status;
  }
  if (!Util.isUnset(request.tag)) {
    query['Tag'] = request.tag;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'ListUsers',
    version = '2019-08-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if (Util.isUnset(@signatureVersion) || !Util.equalString(@signatureVersion, 'v4')) {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Queries information about all Resource Access Management (RAM) users.
 *
 * @description ### [](#)
 * You can call the following API operations to query the details of all RAM users:
 * *   ListUsers: queries the details of all RAM users.
 * *   ListUserBasicInfos: queries the basic information about all RAM users. The basic information includes only the logon names (`UserPrincipalName`), display names (`DisplayName`), and user IDs (`UserId`).
 *
 * @param request ListUsersRequest
 * @return ListUsersResponse
 */
async function listUsers(request: ListUsersRequest): ListUsersResponse {
  var runtime = new Util.RuntimeOptions{};
  return listUsersWithOptions(request, runtime);
}

model ListUsersForGroupRequest {
  groupName?: string(name='GroupName', description='The name of the RAM user group.', example='Test-Team'),
  marker?: string(name='Marker', description='The pagination token that is used in the next request to retrieve a new page of results. You do not need to specify this parameter for the first request.``

When you call the operation for the first time, if the total number of returned entries exceeds the value of `MaxItems`, the entries are truncated. The system returns entries based on the value of `MaxItems` and does not return the excess entries. In this case, the value of the response parameter `IsTruncated` is `true`, and `Marker` is returned. In the next call, you can use the value of `Marker` and maintain the settings of the other request parameters to query the excess entries. You can repeat the call until the value of `IsTruncated` becomes `false`. This way, all entries are returned.', example='EXAMPLE'),
  maxItems?: int32(name='MaxItems', description='The number of entries per page.

Valid values: 1 to 100.

Default value: 100.', example='100'),
}

model ListUsersForGroupResponseBody = {
  isTruncated?: boolean(name='IsTruncated', description='Indicates whether the response is truncated. Valid values:

*   true
*   false', example='true'),
  marker?: string(name='Marker', description='The pagination token that is used in the next request to retrieve a new page of results.

>  This parameter is returned only when `IsTruncated` is `true`.', example='EXAMPLE'),
  requestId?: string(name='RequestId', description='The request ID.', example='789FF581-B3C8-43A8-9115-54304B46D05C'),
  users?: {
    user?: [ 
    {
      displayName?: string(name='DisplayName', description='The display name of the RAM user.', example='test'),
      joinDate?: string(name='JoinDate', description='The time when the RAM user was added to the RAM user group. The time is displayed in UTC.', example='2020-10-20T06:57:00Z'),
      userId?: string(name='UserId', description='The ID of the RAM user.', example='20732900249392****'),
      userPrincipalName?: string(name='UserPrincipalName', description='The logon name of the RAM user.', example='test@example.onaliyun.com'),
    }
  ](name='User')
  }(name='Users', description='The information about the RAM users.'),
}

model ListUsersForGroupResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: ListUsersForGroupResponseBody(name='body'),
}

/**
 * @summary Queries Resource Access Management (RAM) users in a RAM user group.
 *
 * @param request ListUsersForGroupRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return ListUsersForGroupResponse
 */
async function listUsersForGroupWithOptions(request: ListUsersForGroupRequest, runtime: Util.RuntimeOptions): ListUsersForGroupResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.groupName)) {
    query['GroupName'] = request.groupName;
  }
  if (!Util.isUnset(request.marker)) {
    query['Marker'] = request.marker;
  }
  if (!Util.isUnset(request.maxItems)) {
    query['MaxItems'] = request.maxItems;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'ListUsersForGroup',
    version = '2019-08-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if (Util.isUnset(@signatureVersion) || !Util.equalString(@signatureVersion, 'v4')) {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Queries Resource Access Management (RAM) users in a RAM user group.
 *
 * @param request ListUsersForGroupRequest
 * @return ListUsersForGroupResponse
 */
async function listUsersForGroup(request: ListUsersForGroupRequest): ListUsersForGroupResponse {
  var runtime = new Util.RuntimeOptions{};
  return listUsersForGroupWithOptions(request, runtime);
}

model ListUsersInRecycleBinRequest {
  filter?: string(name='Filter', description='The filter condition that is used to query information about a specified RAM user in the recycle bin.

You must specify this parameter in the `UserPrincipalName eq <username>@<AccountAlias>.onaliyun.com` format.', example='UserPrincipalName eq test@example.onaliyun.com'),
  marker?: string(name='Marker', description='The `marker`. If part of a previous response is truncated, you can use this parameter to obtain the truncated part.', example='EXAMPLE'),
  maxItems?: int32(name='MaxItems', description='The number of entries to return. If a response is truncated because it reaches the value of `MaxItems`, the value of `IsTruncated` will be true.

Valid values: 1 to 100. Default value: 100.', example='100'),
}

model ListUsersInRecycleBinResponseBody = {
  isTruncated?: boolean(name='IsTruncated', description='Indicates whether the response is truncated. Valid values:

*   true
*   false', example='true'),
  marker?: string(name='Marker', description='The parameter that is used to obtain the truncated part. It takes effect only when `IsTruncated` is set to `true`.', example='EXAMPLE'),
  requestId?: string(name='RequestId', description='The request ID.', example='3687BD52-49FD-585B-AB14-CD05B7C76963'),
  users?: {
    user?: [ 
    {
      createDate?: string(name='CreateDate', description='The time when the RAM user was created.', example='2020-10-12T09:12:00Z'),
      deleteDate?: string(name='DeleteDate', description='The time when the RAM user will be permanently deleted from the recycle bin.', example='2020-11-15T09:12:00Z'),
      displayName?: string(name='DisplayName', description='The display name of the RAM user.', example='test@example.onaliyun.com'),
      recycleDate?: string(name='RecycleDate', description='The time when the RAM user was deleted and moved to the recycle bin.', example='2020-10-15T09:12:00Z'),
      userId?: string(name='UserId', description='The ID of the RAM user.', example='20732900249392****'),
      userPrincipalName?: string(name='UserPrincipalName', description='The logon name of the RAM user.', example='test@example.onaliyun.com'),
    }
  ](name='User')
  }(name='Users', description='The information about the RAM users.'),
}

model ListUsersInRecycleBinResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: ListUsersInRecycleBinResponseBody(name='body'),
}

/**
 * @summary Queries the basic information about all Resource Access Management (RAM) users in the recycle bin.
 *
 * @param request ListUsersInRecycleBinRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return ListUsersInRecycleBinResponse
 */
async function listUsersInRecycleBinWithOptions(request: ListUsersInRecycleBinRequest, runtime: Util.RuntimeOptions): ListUsersInRecycleBinResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.filter)) {
    query['Filter'] = request.filter;
  }
  if (!Util.isUnset(request.marker)) {
    query['Marker'] = request.marker;
  }
  if (!Util.isUnset(request.maxItems)) {
    query['MaxItems'] = request.maxItems;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'ListUsersInRecycleBin',
    version = '2019-08-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if (Util.isUnset(@signatureVersion) || !Util.equalString(@signatureVersion, 'v4')) {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Queries the basic information about all Resource Access Management (RAM) users in the recycle bin.
 *
 * @param request ListUsersInRecycleBinRequest
 * @return ListUsersInRecycleBinResponse
 */
async function listUsersInRecycleBin(request: ListUsersInRecycleBinRequest): ListUsersInRecycleBinResponse {
  var runtime = new Util.RuntimeOptions{};
  return listUsersInRecycleBinWithOptions(request, runtime);
}

model ListVirtualMFADevicesRequest {
  marker?: string(name='Marker', description='The pagination token that is used in the next request to retrieve a new page of results. You do not need to specify this parameter for the first request.``

When you call the operation for the first time, if the total number of returned entries exceeds the value of `MaxItems`, the entries are truncated. The system returns entries based on the value of `MaxItems` and does not return the excess entries. In this case, the value of the response parameter `IsTruncated` is `true`, and `Marker` is returned. In the next call, you can use the value of `Marker` and maintain the settings of the other request parameters to query the excess entries. You can repeat the call until the value of the `IsTruncated` parameter becomes `false`. This way, all entries are returned.', example='EXAMPLE'),
  maxItems?: int32(name='MaxItems', description='The number of entries per page.

Valid values: 1 to 100.

Default value: 100.', example='100'),
}

model ListVirtualMFADevicesResponseBody = {
  isTruncated?: boolean(name='IsTruncated', description='Indicates whether the response is truncated. Valid values:

*   true
*   false', example='true'),
  marker?: string(name='Marker', description='The pagination token that is used in the next request to retrieve a new page of results.

>  This parameter is returned only when `IsTruncated` is `true`.', example='EXAMPLE'),
  requestId?: string(name='RequestId', description='The request ID.', example='32272612-DF82-485E-8BA9-AFA4E0C3D0BA'),
  virtualMFADevices?: {
    virtualMFADevice?: [ 
    {
      activateDate?: string(name='ActivateDate', description='The time when the MFA device was activated.', example='2020-10-16T06:02:09Z'),
      serialNumber?: string(name='SerialNumber', description='The serial number of the MFA device.', example='acs:ram::177242285274****:mfa/test'),
      user?: {
        displayName?: string(name='DisplayName', description='The display name of the RAM user.', example='test'),
        userId?: string(name='UserId', description='The ID of the RAM user.', example='20732900249392****'),
        userPrincipalName?: string(name='UserPrincipalName', description='The logon name of the RAM user.', example='test@177242285274****.onaliyun.com'),
      }(name='User', description='The information of the RAM user that has an MFA device bound.'),
    }
  ](name='VirtualMFADevice')
  }(name='VirtualMFADevices', description='The information about the MFA device.'),
}

model ListVirtualMFADevicesResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: ListVirtualMFADevicesResponseBody(name='body'),
}

/**
 * @summary Queries multi-factor authentication (MFA) devices.
 *
 * @param request ListVirtualMFADevicesRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return ListVirtualMFADevicesResponse
 */
async function listVirtualMFADevicesWithOptions(request: ListVirtualMFADevicesRequest, runtime: Util.RuntimeOptions): ListVirtualMFADevicesResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.marker)) {
    query['Marker'] = request.marker;
  }
  if (!Util.isUnset(request.maxItems)) {
    query['MaxItems'] = request.maxItems;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'ListVirtualMFADevices',
    version = '2019-08-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if (Util.isUnset(@signatureVersion) || !Util.equalString(@signatureVersion, 'v4')) {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Queries multi-factor authentication (MFA) devices.
 *
 * @param request ListVirtualMFADevicesRequest
 * @return ListVirtualMFADevicesResponse
 */
async function listVirtualMFADevices(request: ListVirtualMFADevicesRequest): ListVirtualMFADevicesResponse {
  var runtime = new Util.RuntimeOptions{};
  return listVirtualMFADevicesWithOptions(request, runtime);
}

model ProvisionApplicationRequest {
  appId?: string(name='AppId', description='The ID of the application.

This parameter is required.', example='407426893752729****'),
  scopes?: string(name='Scopes', description='The permissions that are granted to the application. Separate multiple permissions with a semicolon (;).

>  For more information about the supported permissions, see [Overview](https://help.aliyun.com/zh/ram/user-guide/overview-of-oauth-applications).', example='openid;aliuid'),
}

model ProvisionApplicationResponseBody = {
  applicationProvisionInfo?: {
    accountId?: string(name='AccountId', description='The ID of the Alibaba Cloud account.', example='177242285274****'),
    appId?: string(name='AppId', description='The ID of the application.', example='452392483381546****'),
    appName?: string(name='AppName', description='The name of the application.', example='GiteePrd'),
    appPrincipalName?: string(name='AppPrincipalName', description='The name of the application principal. The value is in the `<app_name>@app.<account_id>.onaliyun.com` format.', example='GiteePrd@app.177242285274****.onaliyun.com'),
    createDate?: string(name='CreateDate', description='The time when the application was installed. The value is a timestamp.', example='1603693518000'),
    delegatedScope?: {
      predefinedScopes?: {
        predefinedScope?: [ 
        {
          description?: string(name='Description', description='The description of the permission.', example='Obtains the OpenID of the user. This is the default scope and cannot be deleted.'),
          name?: string(name='Name', description='The name of the permission.', example='openid'),
        }
      ](name='PredefinedScope')
      }(name='PredefinedScopes', description='The information about the permissions that are granted to the application.'),
    }(name='DelegatedScope', description='The information about the permissions that are granted to the application.'),
    displayName?: string(name='DisplayName', description='The display name of the application.', example='GiteeAliyun'),
    tenantId?: string(name='TenantId', description='The ID of the Alibaba Cloud account for which the application was installed.', example='177242285274****'),
    updateDate?: string(name='UpdateDate', description='The update time. The value is a timestamp.', example='1603693518000'),
  }(name='ApplicationProvisionInfo', description='The installation information of the application.'),
  requestId?: string(name='RequestId', description='The request ID.', example='C8AE06ED-9593-5BF9-8D4A-68D5DDCC90AB'),
}

model ProvisionApplicationResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: ProvisionApplicationResponseBody(name='body'),
}

/**
 * @summary Installs an application.
 *
 * @param request ProvisionApplicationRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return ProvisionApplicationResponse
 */
async function provisionApplicationWithOptions(request: ProvisionApplicationRequest, runtime: Util.RuntimeOptions): ProvisionApplicationResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.appId)) {
    query['AppId'] = request.appId;
  }
  if (!Util.isUnset(request.scopes)) {
    query['Scopes'] = request.scopes;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'ProvisionApplication',
    version = '2019-08-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if (Util.isUnset(@signatureVersion) || !Util.equalString(@signatureVersion, 'v4')) {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Installs an application.
 *
 * @param request ProvisionApplicationRequest
 * @return ProvisionApplicationResponse
 */
async function provisionApplication(request: ProvisionApplicationRequest): ProvisionApplicationResponse {
  var runtime = new Util.RuntimeOptions{};
  return provisionApplicationWithOptions(request, runtime);
}

model ProvisionExternalApplicationRequest {
  appId?: string(name='AppId', description='The ID of the application.

This parameter is required.', example='403550611646604****'),
  scopes?: string(name='Scopes', description='The information about the scope of permissions granted to the application. You can enter multiple scopes and separate them with semicolons (;).

>  For more information about the supported permission scopes, see the "OAuth scope" section in the [Overview](https://help.aliyun.com/zh/ram/user-guide/overview-of-oauth-applications) topic.', example='openid;aliuid'),
}

model ProvisionExternalApplicationResponseBody = {
  externalApplication?: {
    appPrincipalName?: string(name='AppPrincipalName', description='The name of the application principal. The value is in the `<app_name>@app.<account_id>.onaliyun.com` format.', example='GiteePrd@app.177242285274****.onaliyun.com'),
    createDate?: string(name='CreateDate', description='The time when the application was installed. The value is a timestamp.', example='1603693518000'),
    delegatedScope?: {
      predefinedScopes?: {
        predefinedScope?: [ 
        {
          description?: string(name='Description', description='The description of the permission scope.', example='Obtains the OpenID of the user. This is the default scope and cannot be deleted.'),
          name?: string(name='Name', description='The name of the permission scope.', example='openid'),
        }
      ](name='PredefinedScope')
      }(name='PredefinedScopes', description='The information about the scopes of permissions that are granted to the application.'),
    }(name='DelegatedScope', description='The information about the scopes of permissions that are granted to the application.'),
    displayName?: string(name='DisplayName', description='The display name of the application.', example='GiteeAliyun'),
    foreignAppId?: string(name='ForeignAppId', description='The ID of the application.', example='403550611646604****'),
    tenantId?: string(name='TenantId', description='The ID of the Alibaba Cloud account to which the external application belongs.', example='157242285274****'),
    updateDate?: string(name='UpdateDate', description='The update time. The value is a timestamp.', example='1603693518000'),
  }(name='ExternalApplication', description='The information about the external application.'),
  requestId?: string(name='RequestId', description='The request ID.', example='55535873-9A6B-5C87-853F-C7CD258826F2'),
}

model ProvisionExternalApplicationResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: ProvisionExternalApplicationResponseBody(name='body'),
}

/**
 * @summary Installs an external application.
 *
 * @param request ProvisionExternalApplicationRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return ProvisionExternalApplicationResponse
 */
async function provisionExternalApplicationWithOptions(request: ProvisionExternalApplicationRequest, runtime: Util.RuntimeOptions): ProvisionExternalApplicationResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.appId)) {
    query['AppId'] = request.appId;
  }
  if (!Util.isUnset(request.scopes)) {
    query['Scopes'] = request.scopes;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'ProvisionExternalApplication',
    version = '2019-08-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if (Util.isUnset(@signatureVersion) || !Util.equalString(@signatureVersion, 'v4')) {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Installs an external application.
 *
 * @param request ProvisionExternalApplicationRequest
 * @return ProvisionExternalApplicationResponse
 */
async function provisionExternalApplication(request: ProvisionExternalApplicationRequest): ProvisionExternalApplicationResponse {
  var runtime = new Util.RuntimeOptions{};
  return provisionExternalApplicationWithOptions(request, runtime);
}

model RemoveClientIdFromOIDCProviderRequest {
  clientId?: string(name='ClientId', description='The client ID that you want to remove.

The client ID can contain letters, digits, and special characters and cannot start with the special characters. The special characters are `periods, (.), hyphens (-), underscores (_), colons (:), and forward slashes (/)`.``

The client ID can be up to 64 characters in length.', example='498469743454717****'),
  OIDCProviderName?: string(name='OIDCProviderName', description='The name of the OIDC IdP.', example='TestOIDCProvider'),
}

model RemoveClientIdFromOIDCProviderResponseBody = {
  OIDCProvider?: {
    arn?: string(name='Arn', description='The Alibaba Cloud Resource Name (ARN) of the OIDC IdP.', example='acs:ram::177242285274****:oidc-provider/TestOIDCProvider'),
    clientIds?: string(name='ClientIds', description='The ID of the client. If multiple client IDs are returned, the client IDs are separated by commas (,).', example='598469743454717****'),
    createDate?: string(name='CreateDate', description='The time when the OIDC IdP was created. The time is displayed in UTC.', example='2021-11-11T06:56:03Z'),
    description?: string(name='Description', description='The description of the OIDC IdP.', example='This is a new OIDC Provider.'),
    fingerprints?: string(name='Fingerprints', description='The fingerprint of the HTTPS certificate. If multiple fingerprints are returned, the fingerprints are separated by commas (,).', example='902ef2deeb3c5b13ea4c3d5193629309e231****'),
    gmtCreate?: string(name='GmtCreate', description='The timestamp when the OIDC IdP was created.', example='1636613763000'),
    gmtModified?: string(name='GmtModified', description='The timestamp when the OIDC IdP was modified.', example='1636706309000'),
    issuanceLimitTime?: long(name='IssuanceLimitTime', description='The earliest time when an external IdP can issue an ID token. If the value of the iat field in the ID token is later than the current time, the request is rejected. Unit: hours. Valid values: 1 to 168.', example='12'),
    issuerUrl?: string(name='IssuerUrl', description='The URL of the issuer.', example='https://dev-xxxxxx.okta.com'),
    OIDCProviderName?: string(name='OIDCProviderName', description='The name of the OIDC IdP.', example='TestOIDCProvider'),
    updateDate?: string(name='UpdateDate', description='The time when the OIDC IdP was modified. The time is displayed in UTC.', example='2021-11-12T08:38:29Z'),
  }(name='OIDCProvider', description='The information about the OIDC IdP.'),
  requestId?: string(name='RequestId', description='The request ID.', example='EC9A8F3B-AFA5-5C8F-999D-F97BC7CF1FC5'),
}

model RemoveClientIdFromOIDCProviderResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: RemoveClientIdFromOIDCProviderResponseBody(name='body'),
}

/**
 * @summary Removes a client ID from an OpenID Connect (OIDC) identity provider (IdP).
 *
 * @description ###
 * This topic provides an example on how to remove the client ID `498469743454717****` from the OIDC IdP named `TestOIDCProvider`.
 *
 * @param request RemoveClientIdFromOIDCProviderRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return RemoveClientIdFromOIDCProviderResponse
 */
async function removeClientIdFromOIDCProviderWithOptions(request: RemoveClientIdFromOIDCProviderRequest, runtime: Util.RuntimeOptions): RemoveClientIdFromOIDCProviderResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.clientId)) {
    query['ClientId'] = request.clientId;
  }
  if (!Util.isUnset(request.OIDCProviderName)) {
    query['OIDCProviderName'] = request.OIDCProviderName;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'RemoveClientIdFromOIDCProvider',
    version = '2019-08-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if (Util.isUnset(@signatureVersion) || !Util.equalString(@signatureVersion, 'v4')) {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Removes a client ID from an OpenID Connect (OIDC) identity provider (IdP).
 *
 * @description ###
 * This topic provides an example on how to remove the client ID `498469743454717****` from the OIDC IdP named `TestOIDCProvider`.
 *
 * @param request RemoveClientIdFromOIDCProviderRequest
 * @return RemoveClientIdFromOIDCProviderResponse
 */
async function removeClientIdFromOIDCProvider(request: RemoveClientIdFromOIDCProviderRequest): RemoveClientIdFromOIDCProviderResponse {
  var runtime = new Util.RuntimeOptions{};
  return removeClientIdFromOIDCProviderWithOptions(request, runtime);
}

model RemoveFingerprintFromOIDCProviderRequest {
  fingerprint?: string(name='Fingerprint', description='The fingerprint that you want to remove.', example='6938fd4d98bab03faadb97b34396831e3780****'),
  OIDCProviderName?: string(name='OIDCProviderName', description='The name of the OIDC IdP.', example='TestOIDCProvider'),
}

model RemoveFingerprintFromOIDCProviderResponseBody = {
  OIDCProvider?: {
    arn?: string(name='Arn', description='The Alibaba Cloud Resource Name (ARN) of the OIDC IdP.', example='acs:ram::177242285274****:oidc-provider/TestOIDCProvider'),
    clientIds?: string(name='ClientIds', description='The ID of the client. If multiple client IDs are returned, the client IDs are separated by commas (,).', example='0oa4u6l8x5WoaVbd****'),
    createDate?: string(name='CreateDate', description='The time when the OIDC IdP was created. The time is displayed in UTC.', example='2021-11-11T06:56:03Z'),
    description?: string(name='Description', description='The description of the OIDC IdP.', example='This is a new OIDC Provider.'),
    fingerprints?: string(name='Fingerprints', description='The fingerprint of the HTTPS certificate. If multiple fingerprints are returned, the fingerprints are separated by commas (,).', example='5938fd4d98bab03faadb97b34396831e3780****'),
    gmtCreate?: string(name='GmtCreate', description='The timestamp when the OIDC IdP was created.', example='1636613763000'),
    gmtModified?: string(name='GmtModified', description='The timestamp when the OIDC IdP was modified.', example='1636706309000'),
    issuanceLimitTime?: long(name='IssuanceLimitTime', description='The earliest time when an external IdP can issue an ID token. If the value of the iat field in the ID token is later than the current time, the request is rejected. Unit: hours. Valid values: 1 to 168.', example='12'),
    issuerUrl?: string(name='IssuerUrl', description='The URL of the issuer.', example='https://dev-xxxxxx.okta.com'),
    OIDCProviderName?: string(name='OIDCProviderName', description='The name of the OIDC IdP.', example='TestOIDCProvider'),
    updateDate?: string(name='UpdateDate', description='The time when the OIDC IdP was modified. The time is displayed in UTC.', example='2021-11-12T08:38:29Z'),
  }(name='OIDCProvider', description='The information about the OIDC IdP.'),
  requestId?: string(name='RequestId', description='The request ID.', example='C90CE971-4C7F-5D93-BD3E-2D0E79D03C01'),
}

model RemoveFingerprintFromOIDCProviderResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: RemoveFingerprintFromOIDCProviderResponseBody(name='body'),
}

/**
 * @summary Removes a fingerprint from an OpenID Connect (OIDC) identity provider (IdP).
 *
 * @description ###
 * This topic provides an example on how to remove the fingerprint `6938fd4d98bab03faadb97b34396831e3780****` from the OIDC IdP named `TestOIDCProvider`.
 *
 * @param request RemoveFingerprintFromOIDCProviderRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return RemoveFingerprintFromOIDCProviderResponse
 */
async function removeFingerprintFromOIDCProviderWithOptions(request: RemoveFingerprintFromOIDCProviderRequest, runtime: Util.RuntimeOptions): RemoveFingerprintFromOIDCProviderResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.fingerprint)) {
    query['Fingerprint'] = request.fingerprint;
  }
  if (!Util.isUnset(request.OIDCProviderName)) {
    query['OIDCProviderName'] = request.OIDCProviderName;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'RemoveFingerprintFromOIDCProvider',
    version = '2019-08-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if (Util.isUnset(@signatureVersion) || !Util.equalString(@signatureVersion, 'v4')) {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Removes a fingerprint from an OpenID Connect (OIDC) identity provider (IdP).
 *
 * @description ###
 * This topic provides an example on how to remove the fingerprint `6938fd4d98bab03faadb97b34396831e3780****` from the OIDC IdP named `TestOIDCProvider`.
 *
 * @param request RemoveFingerprintFromOIDCProviderRequest
 * @return RemoveFingerprintFromOIDCProviderResponse
 */
async function removeFingerprintFromOIDCProvider(request: RemoveFingerprintFromOIDCProviderRequest): RemoveFingerprintFromOIDCProviderResponse {
  var runtime = new Util.RuntimeOptions{};
  return removeFingerprintFromOIDCProviderWithOptions(request, runtime);
}

model RemoveUserFromGroupRequest {
  groupName?: string(name='GroupName', description='The name of the RAM user group.', example='Test-Team'),
  userPrincipalName?: string(name='UserPrincipalName', description='The logon name of the RAM user.

This parameter is required.', example='alice@example.onaliyun.com'),
}

model RemoveUserFromGroupResponseBody = {
  requestId?: string(name='RequestId', description='The request ID.', example='85836703-8D4F-485F-9726-4D1C730F957E'),
}

model RemoveUserFromGroupResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: RemoveUserFromGroupResponseBody(name='body'),
}

/**
 * @summary Removes a Resource Access Management (RAM) user from a RAM user group.
 *
 * @param request RemoveUserFromGroupRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return RemoveUserFromGroupResponse
 */
async function removeUserFromGroupWithOptions(request: RemoveUserFromGroupRequest, runtime: Util.RuntimeOptions): RemoveUserFromGroupResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.groupName)) {
    query['GroupName'] = request.groupName;
  }
  if (!Util.isUnset(request.userPrincipalName)) {
    query['UserPrincipalName'] = request.userPrincipalName;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'RemoveUserFromGroup',
    version = '2019-08-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if (Util.isUnset(@signatureVersion) || !Util.equalString(@signatureVersion, 'v4')) {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Removes a Resource Access Management (RAM) user from a RAM user group.
 *
 * @param request RemoveUserFromGroupRequest
 * @return RemoveUserFromGroupResponse
 */
async function removeUserFromGroup(request: RemoveUserFromGroupRequest): RemoveUserFromGroupResponse {
  var runtime = new Util.RuntimeOptions{};
  return removeUserFromGroupWithOptions(request, runtime);
}

model RestoreAccessKeyFromRecycleBinRequest {
  userAccessKeyId?: string(name='UserAccessKeyId', description='The AccessKey ID of the RAM user.', example='LTAI4GFTgcR8m8cZQDTH****'),
  userId?: string(name='UserId', description='The ID of the Resource Access Management (RAM) user.', example='20732900249392****'),
}

model RestoreAccessKeyFromRecycleBinResponseBody = {
  requestId?: string(name='RequestId', description='The request ID.', example='4507D1CD-526A-4E2B-A1E2-3AB045D1EE0B'),
}

model RestoreAccessKeyFromRecycleBinResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: RestoreAccessKeyFromRecycleBinResponseBody(name='body'),
}

/**
 * @summary Restores a specific AccessKey pair that belongs to a Resource Access Management (RAM) user from the recycle bin.
 *
 * @param request RestoreAccessKeyFromRecycleBinRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return RestoreAccessKeyFromRecycleBinResponse
 */
async function restoreAccessKeyFromRecycleBinWithOptions(request: RestoreAccessKeyFromRecycleBinRequest, runtime: Util.RuntimeOptions): RestoreAccessKeyFromRecycleBinResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.userAccessKeyId)) {
    query['UserAccessKeyId'] = request.userAccessKeyId;
  }
  if (!Util.isUnset(request.userId)) {
    query['UserId'] = request.userId;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'RestoreAccessKeyFromRecycleBin',
    version = '2019-08-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if (Util.isUnset(@signatureVersion) || !Util.equalString(@signatureVersion, 'v4')) {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Restores a specific AccessKey pair that belongs to a Resource Access Management (RAM) user from the recycle bin.
 *
 * @param request RestoreAccessKeyFromRecycleBinRequest
 * @return RestoreAccessKeyFromRecycleBinResponse
 */
async function restoreAccessKeyFromRecycleBin(request: RestoreAccessKeyFromRecycleBinRequest): RestoreAccessKeyFromRecycleBinResponse {
  var runtime = new Util.RuntimeOptions{};
  return restoreAccessKeyFromRecycleBinWithOptions(request, runtime);
}

model RestoreUserFromRecycleBinRequest {
  userId?: string(name='UserId', description='The ID of the RAM user.', example='20732900249392****'),
}

model RestoreUserFromRecycleBinResponseBody = {
  requestId?: string(name='RequestId', description='The request ID.', example='4507D1CD-526A-4E2B-A1E2-3AB045D1EE0B'),
}

model RestoreUserFromRecycleBinResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: RestoreUserFromRecycleBinResponseBody(name='body'),
}

/**
 * @summary Restores a specific Resource Access Management (RAM) user from the recycle bin.
 *
 * @param request RestoreUserFromRecycleBinRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return RestoreUserFromRecycleBinResponse
 */
async function restoreUserFromRecycleBinWithOptions(request: RestoreUserFromRecycleBinRequest, runtime: Util.RuntimeOptions): RestoreUserFromRecycleBinResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.userId)) {
    query['UserId'] = request.userId;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'RestoreUserFromRecycleBin',
    version = '2019-08-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if (Util.isUnset(@signatureVersion) || !Util.equalString(@signatureVersion, 'v4')) {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Restores a specific Resource Access Management (RAM) user from the recycle bin.
 *
 * @param request RestoreUserFromRecycleBinRequest
 * @return RestoreUserFromRecycleBinResponse
 */
async function restoreUserFromRecycleBin(request: RestoreUserFromRecycleBinRequest): RestoreUserFromRecycleBinResponse {
  var runtime = new Util.RuntimeOptions{};
  return restoreUserFromRecycleBinWithOptions(request, runtime);
}

model SetDefaultDomainRequest {
  defaultDomainName?: string(name='DefaultDomainName', description='The default domain name.

The default domain name is in the format of `<AccountAlias>.onaliyun.com`. `<AccountAlias>` indicates the account alias. By default, the value of AccountAlias is the ID of the Alibaba Cloud account. The default domain name must end with `.onaliyun.com`.

The default domain name can contain up to 64 characters in length. The default domain name can contain letters, digits, periods (.), underscores (_), and hyphens (-).

>  The default domain name cannot start or end with a hyphen (-) and cannot contain two consecutive hyphens (-).

This parameter is required.', example='examplecompany.onaliyun.com'),
}

model SetDefaultDomainResponseBody = {
  defaultDomainName?: string(name='DefaultDomainName', description='The default domain name.', example='examplecompany.onaliyun.com'),
  requestId?: string(name='RequestId', description='The request ID.', example='66815255-7CCE-4759-AC37-9755794C3626'),
}

model SetDefaultDomainResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: SetDefaultDomainResponseBody(name='body'),
}

/**
 * @summary Configures the default domain name for an Alibaba Cloud account.
 *
 * @param request SetDefaultDomainRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return SetDefaultDomainResponse
 */
async function setDefaultDomainWithOptions(request: SetDefaultDomainRequest, runtime: Util.RuntimeOptions): SetDefaultDomainResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.defaultDomainName)) {
    query['DefaultDomainName'] = request.defaultDomainName;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'SetDefaultDomain',
    version = '2019-08-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if (Util.isUnset(@signatureVersion) || !Util.equalString(@signatureVersion, 'v4')) {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Configures the default domain name for an Alibaba Cloud account.
 *
 * @param request SetDefaultDomainRequest
 * @return SetDefaultDomainResponse
 */
async function setDefaultDomain(request: SetDefaultDomainRequest): SetDefaultDomainResponse {
  var runtime = new Util.RuntimeOptions{};
  return setDefaultDomainWithOptions(request, runtime);
}

model SetPasswordPolicyRequest {
  hardExpire?: boolean(name='HardExpire', description='Specifies whether to disable logon after the password expires. Valid values:

*   true: After the password expires, you cannot use the password to log on to the console. You can log on to the console only after you reset the password by using your Alibaba Cloud account or as a RAM user that has administrative rights.
*   false: After the password expires, you can change the password to log on to the console. This is the default value.', example='false'),
  maxLoginAttemps?: int32(name='MaxLoginAttemps', description='The maximum number of password retries. If you enter the wrong passwords for the specified consecutive times, the account is locked for one hour.

Valid values: 0 to 32.

The default value is 0, which indicates that the password retries are not limited.', example='0'),
  maxPasswordAge?: int32(name='MaxPasswordAge', description='The validity period of the password.

Valid values: 0 to 1095. Unit: days.

The default value is 0, which indicates that the password never expires.', example='0'),
  minimumPasswordDifferentCharacter?: int32(name='MinimumPasswordDifferentCharacter', description='The minimum number of unique characters in the password.

Valid values: 0 to 8.

The default value is 0, which indicates that no limits are imposed on the number of unique characters in a password.', example='0'),
  minimumPasswordLength?: int32(name='MinimumPasswordLength', description='The minimum number of characters in the password.

Valid values: 8 to 32. Default value: 8.', example='8'),
  passwordNotContainUserName?: boolean(name='PasswordNotContainUserName', description='Specifies whether to exclude the username from the password. Valid values:

*   true: A password cannot contain the username.
*   false: A password can contain the username. This is the default value.', example='false'),
  passwordReusePrevention?: int32(name='PasswordReusePrevention', description='The policy for password history check.

The previous N passwords cannot be reused. Valid values of N: 0 to 24.

The default value is 0, which indicates that RAM users can reuse previous passwords.', example='0'),
  requireLowercaseCharacters?: boolean(name='RequireLowercaseCharacters', description='Specifies whether the password must contain lowercase letters. Valid values:

*   true
*   false (default)', example='false'),
  requireNumbers?: boolean(name='RequireNumbers', description='Specifies whether the password must contain digits. Valid values:

*   true
*   false (default)', example='false'),
  requireSymbols?: boolean(name='RequireSymbols', description='Specifies whether the password must contain special characters. Valid values:

*   true
*   false (default)', example='false'),
  requireUppercaseCharacters?: boolean(name='RequireUppercaseCharacters', description='Specifies whether the password must contain uppercase letters. Valid values:

*   true
*   false (default)', example='false'),
}

model SetPasswordPolicyResponseBody = {
  passwordPolicy?: {
    hardExpire?: boolean(name='HardExpire', description='Indicates whether to disable logon after the password expires.', example='false'),
    maxLoginAttemps?: int32(name='MaxLoginAttemps', description='The maximum number of password retries.', example='0'),
    maxPasswordAge?: int32(name='MaxPasswordAge', description='The validity period of the password.', example='0'),
    minimumPasswordDifferentCharacter?: int32(name='MinimumPasswordDifferentCharacter', description='The minimum number of unique characters in the password.', example='0'),
    minimumPasswordLength?: int32(name='MinimumPasswordLength', description='The minimum number of characters in the password.', example='8'),
    passwordNotContainUserName?: boolean(name='PasswordNotContainUserName', description='Indicates whether to exclude the username from the password.', example='false'),
    passwordReusePrevention?: int32(name='PasswordReusePrevention', description='The policy for password history check.', example='0'),
    requireLowercaseCharacters?: boolean(name='RequireLowercaseCharacters', description='Indicates whether the password must contain lowercase letters.', example='false'),
    requireNumbers?: boolean(name='RequireNumbers', description='Indicates whether the password must contain digits.', example='false'),
    requireSymbols?: boolean(name='RequireSymbols', description='Indicates whether the password must contain special characters.', example='false'),
    requireUppercaseCharacters?: boolean(name='RequireUppercaseCharacters', description='Indicates whether the password must contain uppercase letters.', example='false'),
  }(name='PasswordPolicy', description='The details of the password policy.'),
  requestId?: string(name='RequestId', description='The request ID.', example='3FB5551F-B2ED-40D4-8392-1E4AC2384EFD'),
}

model SetPasswordPolicyResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: SetPasswordPolicyResponseBody(name='body'),
}

/**
 * @summary Configures the password policy for Resource Access Management (RAM) users.
 *
 * @param request SetPasswordPolicyRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return SetPasswordPolicyResponse
 */
async function setPasswordPolicyWithOptions(request: SetPasswordPolicyRequest, runtime: Util.RuntimeOptions): SetPasswordPolicyResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.hardExpire)) {
    query['HardExpire'] = request.hardExpire;
  }
  if (!Util.isUnset(request.maxLoginAttemps)) {
    query['MaxLoginAttemps'] = request.maxLoginAttemps;
  }
  if (!Util.isUnset(request.maxPasswordAge)) {
    query['MaxPasswordAge'] = request.maxPasswordAge;
  }
  if (!Util.isUnset(request.minimumPasswordDifferentCharacter)) {
    query['MinimumPasswordDifferentCharacter'] = request.minimumPasswordDifferentCharacter;
  }
  if (!Util.isUnset(request.minimumPasswordLength)) {
    query['MinimumPasswordLength'] = request.minimumPasswordLength;
  }
  if (!Util.isUnset(request.passwordNotContainUserName)) {
    query['PasswordNotContainUserName'] = request.passwordNotContainUserName;
  }
  if (!Util.isUnset(request.passwordReusePrevention)) {
    query['PasswordReusePrevention'] = request.passwordReusePrevention;
  }
  if (!Util.isUnset(request.requireLowercaseCharacters)) {
    query['RequireLowercaseCharacters'] = request.requireLowercaseCharacters;
  }
  if (!Util.isUnset(request.requireNumbers)) {
    query['RequireNumbers'] = request.requireNumbers;
  }
  if (!Util.isUnset(request.requireSymbols)) {
    query['RequireSymbols'] = request.requireSymbols;
  }
  if (!Util.isUnset(request.requireUppercaseCharacters)) {
    query['RequireUppercaseCharacters'] = request.requireUppercaseCharacters;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'SetPasswordPolicy',
    version = '2019-08-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if (Util.isUnset(@signatureVersion) || !Util.equalString(@signatureVersion, 'v4')) {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Configures the password policy for Resource Access Management (RAM) users.
 *
 * @param request SetPasswordPolicyRequest
 * @return SetPasswordPolicyResponse
 */
async function setPasswordPolicy(request: SetPasswordPolicyRequest): SetPasswordPolicyResponse {
  var runtime = new Util.RuntimeOptions{};
  return setPasswordPolicyWithOptions(request, runtime);
}

model SetSecurityPreferenceRequest {
  allowUserToChangePassword?: boolean(name='AllowUserToChangePassword', description='Specifies whether RAM users can change their passwords. Valid values:

*   true (default)
*   false', example='true'),
  allowUserToLoginWithPasskey?: boolean(name='AllowUserToLoginWithPasskey', description='Allow direct login using passkey.

- true

- false'),
  allowUserToManageAccessKeys?: boolean(name='AllowUserToManageAccessKeys', description='Specifies whether RAM users can manage their AccessKey pairs. Valid values:

*   true
*   false (default)', example='false'),
  allowUserToManageMFADevices?: boolean(name='AllowUserToManageMFADevices', description='Specifies whether RAM users can manage their MFA devices. Valid values:

*   true (default)
*   false', example='true'),
  allowUserToManagePersonalDingTalk?: boolean(name='AllowUserToManagePersonalDingTalk', description='Specifies whether RAM users can manage their personal DingTalk accounts, such as binding and unbinding of the accounts. Valid values:

*   true (default)
*   false', example='true'),
  enableSaveMFATicket?: boolean(name='EnableSaveMFATicket', description='Specifies whether RAM users can remember the MFA devices for seven days. Valid values:

*   true
*   false (default)', example='false'),
  loginNetworkMasks?: string(name='LoginNetworkMasks', description='The subnet mask that specifies the IP addresses from which you can log on to the Alibaba Cloud Management Console. This parameter takes effect on password-based logon and single sign-on (SSO). This parameter does not take effect on API calls that are authenticated by using AccessKey pairs.

*   If you specify a subnet mask, RAM users can use only the IP addresses in the subnet mask to log on to the Alibaba Cloud Management Console.
*   If you do not specify a subnet mask, RAM users can use all IP addresses to log on to the Alibaba Cloud Management Console.

If you need to specify multiple subnet masks, separate the subnet masks with semicolons (;). Example: 192.168.0.0/16;10.0.0.0/8.

You can specify up to 40 subnet masks. The total length of the subnet masks can be a maximum of 512 characters.', example='10.0.0.0/8'),
  loginSessionDuration?: int32(name='LoginSessionDuration', description='The validity period of the logon session of RAM users.

Valid values: 1 to 24. Unit: hours.

Default value: 6.', example='6'),
  MFAOperationForLogin?: string(name='MFAOperationForLogin', description='Specifies whether MFA is required for all RAM users when they log on to the Alibaba Cloud Management Console. This parameter is used to replace EnforceMFAForLogin. EnforceMFAForLogin is still valid. However, we recommend that you use MFAOperationForLogin. Valid values:

*   mandatory: MFA is required for all RAM users. If you use EnforceMFAForLogin, set the value to true.
*   independent (default): User-specific settings are applied. If you use EnforceMFAForLogin, set the value to false.
*   adaptive: MFA is required only for RAM users who initiated unusual logons.', example='adaptive'),
  operationForRiskLogin?: string(name='OperationForRiskLogin', description='Specifies whether to enable MFA for RAM users who initiated unusual logons. Valid values:

*   autonomous (default): yes. MFA is prompted for RAM users who initiated unusual logons. However, the RAM users are allowed to skip MFA.
*   enforceVerify: MFA is prompted for RAM users who initiated unusual logons and the RAM users cannot skip MFA.', example='autonomous'),
  verificationTypes?: [ string ](name='VerificationTypes', description='The MFA methods.'),
}

model SetSecurityPreferenceShrinkRequest {
  allowUserToChangePassword?: boolean(name='AllowUserToChangePassword', description='Specifies whether RAM users can change their passwords. Valid values:

*   true (default)
*   false', example='true'),
  allowUserToLoginWithPasskey?: boolean(name='AllowUserToLoginWithPasskey', description='Allow direct login using passkey.

- true

- false'),
  allowUserToManageAccessKeys?: boolean(name='AllowUserToManageAccessKeys', description='Specifies whether RAM users can manage their AccessKey pairs. Valid values:

*   true
*   false (default)', example='false'),
  allowUserToManageMFADevices?: boolean(name='AllowUserToManageMFADevices', description='Specifies whether RAM users can manage their MFA devices. Valid values:

*   true (default)
*   false', example='true'),
  allowUserToManagePersonalDingTalk?: boolean(name='AllowUserToManagePersonalDingTalk', description='Specifies whether RAM users can manage their personal DingTalk accounts, such as binding and unbinding of the accounts. Valid values:

*   true (default)
*   false', example='true'),
  enableSaveMFATicket?: boolean(name='EnableSaveMFATicket', description='Specifies whether RAM users can remember the MFA devices for seven days. Valid values:

*   true
*   false (default)', example='false'),
  loginNetworkMasks?: string(name='LoginNetworkMasks', description='The subnet mask that specifies the IP addresses from which you can log on to the Alibaba Cloud Management Console. This parameter takes effect on password-based logon and single sign-on (SSO). This parameter does not take effect on API calls that are authenticated by using AccessKey pairs.

*   If you specify a subnet mask, RAM users can use only the IP addresses in the subnet mask to log on to the Alibaba Cloud Management Console.
*   If you do not specify a subnet mask, RAM users can use all IP addresses to log on to the Alibaba Cloud Management Console.

If you need to specify multiple subnet masks, separate the subnet masks with semicolons (;). Example: 192.168.0.0/16;10.0.0.0/8.

You can specify up to 40 subnet masks. The total length of the subnet masks can be a maximum of 512 characters.', example='10.0.0.0/8'),
  loginSessionDuration?: int32(name='LoginSessionDuration', description='The validity period of the logon session of RAM users.

Valid values: 1 to 24. Unit: hours.

Default value: 6.', example='6'),
  MFAOperationForLogin?: string(name='MFAOperationForLogin', description='Specifies whether MFA is required for all RAM users when they log on to the Alibaba Cloud Management Console. This parameter is used to replace EnforceMFAForLogin. EnforceMFAForLogin is still valid. However, we recommend that you use MFAOperationForLogin. Valid values:

*   mandatory: MFA is required for all RAM users. If you use EnforceMFAForLogin, set the value to true.
*   independent (default): User-specific settings are applied. If you use EnforceMFAForLogin, set the value to false.
*   adaptive: MFA is required only for RAM users who initiated unusual logons.', example='adaptive'),
  operationForRiskLogin?: string(name='OperationForRiskLogin', description='Specifies whether to enable MFA for RAM users who initiated unusual logons. Valid values:

*   autonomous (default): yes. MFA is prompted for RAM users who initiated unusual logons. However, the RAM users are allowed to skip MFA.
*   enforceVerify: MFA is prompted for RAM users who initiated unusual logons and the RAM users cannot skip MFA.', example='autonomous'),
  verificationTypesShrink?: string(name='VerificationTypes', description='The MFA methods.'),
}

model SetSecurityPreferenceResponseBody = {
  requestId?: string(name='RequestId', description='The request ID.', example='17494710-B4BA-4185-BBBB-C1A6ABDE1639'),
  securityPreference?: {
    accessKeyPreference?: {
      allowUserToManageAccessKeys?: boolean(name='AllowUserToManageAccessKeys', description='Indicates whether RAM users can manage their AccessKey pairs.', example='false'),
    }(name='AccessKeyPreference', description='The AccessKey pair preference.'),
    loginProfilePreference?: {
      allowUserToChangePassword?: boolean(name='AllowUserToChangePassword', description='Indicates whether RAM users can change their passwords.', example='true'),
      allowUserToLoginWithPasskey?: boolean(name='AllowUserToLoginWithPasskey', description='Allow direct login using passkey.

- true

- false'),
      enableSaveMFATicket?: boolean(name='EnableSaveMFATicket', description='Indicates whether RAM users can remember the MFA devices for seven days.', example='false'),
      loginNetworkMasks?: string(name='LoginNetworkMasks', description='The subnet mask.', example='10.0.0.0/8'),
      loginSessionDuration?: int32(name='LoginSessionDuration', description='The validity period of the logon session of RAM users.', example='6'),
      MFAOperationForLogin?: string(name='MFAOperationForLogin', description='Indicates whether MFA is required for all RAM users when they log on to the Alibaba Cloud Management Console.', example='adaptive'),
      operationForRiskLogin?: string(name='OperationForRiskLogin', description='Indicates whether to enable MFA for RAM users who initiated unusual logons.', example='autonomous'),
    }(name='LoginProfilePreference', description='The logon preference.'),
    MFAPreference?: {
      allowUserToManageMFADevices?: boolean(name='AllowUserToManageMFADevices', description='Indicates whether RAM users can manage their MFA devices.', example='false'),
    }(name='MFAPreference', description='The MFA preference.'),
    maxIdleDays?: {
      maxIdleDaysForAccessKeys?: int32(name='MaxIdleDaysForAccessKeys', description='The maximum number of days that the AccessKey pair of a RAM user can stay unused. If an AccessKey pair is not used in the previous specified number of days, the AccessKey pair is automatically disabled on the next day. The default value is 730. You cannot change the value.', example='730'),
      maxIdleDaysForUsers?: int32(name='MaxIdleDaysForUsers', description='The maximum number of days that a RAM user can stay idle. If a RAM user for whom console logon is enabled does not log on to the console in the previous specified number of days, console logon is automatically disabled for the RAM user on the next day. SSO is not involved. The default value is 730. You cannot change the value.', example='730'),
    }(name='MaxIdleDays', description='The maximum idle periods. Unit: days.'),
    personalInfoPreference?: {
      allowUserToManagePersonalDingTalk?: boolean(name='AllowUserToManagePersonalDingTalk', description='Indicates whether RAM users can manage their personal DingTalk accounts, such as binding and unbinding of the accounts.', example='true'),
    }(name='PersonalInfoPreference', description='The personal information preference.'),
    verificationPreference?: {
      verificationTypes?: [ string ](name='VerificationTypes', description='The MFA methods.'),
    }(name='VerificationPreference', description='The MFA method preference.'),
  }(name='SecurityPreference', description='The details of security preferences.'),
}

model SetSecurityPreferenceResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: SetSecurityPreferenceResponseBody(name='body'),
}

/**
 * @summary Configures security preferences for a RAM user.
 *
 * @description ###
 * This topic provides an example on how to enable multi-factor authentication (MFA) only for RAM users who initiated unusual logons.
 *
 * @param tmpReq SetSecurityPreferenceRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return SetSecurityPreferenceResponse
 */
async function setSecurityPreferenceWithOptions(tmpReq: SetSecurityPreferenceRequest, runtime: Util.RuntimeOptions): SetSecurityPreferenceResponse {
  Util.validateModel(tmpReq);
  var request = new SetSecurityPreferenceShrinkRequest{};
  OpenApiUtil.convert(tmpReq, request);
  if (!Util.isUnset(tmpReq.verificationTypes)) {
    request.verificationTypesShrink = OpenApiUtil.arrayToStringWithSpecifiedStyle(tmpReq.verificationTypes, 'VerificationTypes', 'json');
  }
  var query = {};
  if (!Util.isUnset(request.allowUserToChangePassword)) {
    query['AllowUserToChangePassword'] = request.allowUserToChangePassword;
  }
  if (!Util.isUnset(request.allowUserToLoginWithPasskey)) {
    query['AllowUserToLoginWithPasskey'] = request.allowUserToLoginWithPasskey;
  }
  if (!Util.isUnset(request.allowUserToManageAccessKeys)) {
    query['AllowUserToManageAccessKeys'] = request.allowUserToManageAccessKeys;
  }
  if (!Util.isUnset(request.allowUserToManageMFADevices)) {
    query['AllowUserToManageMFADevices'] = request.allowUserToManageMFADevices;
  }
  if (!Util.isUnset(request.allowUserToManagePersonalDingTalk)) {
    query['AllowUserToManagePersonalDingTalk'] = request.allowUserToManagePersonalDingTalk;
  }
  if (!Util.isUnset(request.enableSaveMFATicket)) {
    query['EnableSaveMFATicket'] = request.enableSaveMFATicket;
  }
  if (!Util.isUnset(request.loginNetworkMasks)) {
    query['LoginNetworkMasks'] = request.loginNetworkMasks;
  }
  if (!Util.isUnset(request.loginSessionDuration)) {
    query['LoginSessionDuration'] = request.loginSessionDuration;
  }
  if (!Util.isUnset(request.MFAOperationForLogin)) {
    query['MFAOperationForLogin'] = request.MFAOperationForLogin;
  }
  if (!Util.isUnset(request.operationForRiskLogin)) {
    query['OperationForRiskLogin'] = request.operationForRiskLogin;
  }
  if (!Util.isUnset(request.verificationTypesShrink)) {
    query['VerificationTypes'] = request.verificationTypesShrink;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'SetSecurityPreference',
    version = '2019-08-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if (Util.isUnset(@signatureVersion) || !Util.equalString(@signatureVersion, 'v4')) {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Configures security preferences for a RAM user.
 *
 * @description ###
 * This topic provides an example on how to enable multi-factor authentication (MFA) only for RAM users who initiated unusual logons.
 *
 * @param request SetSecurityPreferenceRequest
 * @return SetSecurityPreferenceResponse
 */
async function setSecurityPreference(request: SetSecurityPreferenceRequest): SetSecurityPreferenceResponse {
  var runtime = new Util.RuntimeOptions{};
  return setSecurityPreferenceWithOptions(request, runtime);
}

model SetUserSsoSettingsRequest {
  auxiliaryDomain?: string(name='AuxiliaryDomain', description='The auxiliary domain name.', example='example.com'),
  metadataDocument?: string(name='MetadataDocument', description='The metadata file, which is Base64-encoded.

The file is provided by an identity provider (IdP) that supports Security Assertion Markup Language (SAML) 2.0.', example='PD94bWwgdmVy****'),
  ssoEnabled?: boolean(name='SsoEnabled', description='Specifies whether to enable SSO for the RAM user. Valid values:

*   true
*   false (default)', example='true'),
  ssoLoginWithDomain?: boolean(name='SsoLoginWithDomain', description='Specifies whether the SAML SSO requires a domain name in the `<saml:NameID>` element of the SAML response. If yes, the username specified by the IdP for SSO must have a domain name as the suffix.

*   If the value of the parameter is `true`, the `<saml:NameID>` element **must** be in the `username@domain` format. You can set `domain` to the default domain name or the configured domain alias.
*   If the value of the parameter is `false`, the `<saml:NameID>` element **must** be in the `username` format and **cannot** contain the `domain` suffix.

Set the value to the default `true`.', example='true'),
}

model SetUserSsoSettingsResponseBody = {
  requestId?: string(name='RequestId', description='The request ID.', example='87F2E3F6-28A0-43F3-A77F-F7760E62F61E'),
  userSsoSettings?: {
    auxiliaryDomain?: string(name='AuxiliaryDomain', description='The auxiliary domain name.', example='example.com'),
    metadataDocument?: string(name='MetadataDocument', description='The metadata file, which is Base64-encoded.', example='PD94bWwgdmVy****'),
    ssoEnabled?: boolean(name='SsoEnabled', description='Indicates whether user-based SSO is enabled.', example='true'),
    ssoLoginWithDomain?: boolean(name='SsoLoginWithDomain', description='Indicates whether the SAML SSO requires a domain name in the `<saml:NameID>` element of the SAML response. If yes, the username specified by the IdP for SSO must have a domain name as the suffix.

*   If the value of the parameter is `true`, the `<saml:NameID>` element **must** be in the `username@domain` format. You can set `domain` to the default domain name or the configured domain alias.
*   If the value of the parameter is `false`, the `<saml:NameID>` element **must** be in the `username` format and **cannot** contain the `domain` suffix.

The default value is `true`.', example='true'),
  }(name='UserSsoSettings', description='The configurations of user-based SSO.'),
}

model SetUserSsoSettingsResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: SetUserSsoSettingsResponseBody(name='body'),
}

/**
 * @summary Configures information about user-based single sign-on (SSO).
 *
 * @param request SetUserSsoSettingsRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return SetUserSsoSettingsResponse
 */
async function setUserSsoSettingsWithOptions(request: SetUserSsoSettingsRequest, runtime: Util.RuntimeOptions): SetUserSsoSettingsResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.auxiliaryDomain)) {
    query['AuxiliaryDomain'] = request.auxiliaryDomain;
  }
  if (!Util.isUnset(request.metadataDocument)) {
    query['MetadataDocument'] = request.metadataDocument;
  }
  if (!Util.isUnset(request.ssoEnabled)) {
    query['SsoEnabled'] = request.ssoEnabled;
  }
  if (!Util.isUnset(request.ssoLoginWithDomain)) {
    query['SsoLoginWithDomain'] = request.ssoLoginWithDomain;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'SetUserSsoSettings',
    version = '2019-08-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if (Util.isUnset(@signatureVersion) || !Util.equalString(@signatureVersion, 'v4')) {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Configures information about user-based single sign-on (SSO).
 *
 * @param request SetUserSsoSettingsRequest
 * @return SetUserSsoSettingsResponse
 */
async function setUserSsoSettings(request: SetUserSsoSettingsRequest): SetUserSsoSettingsResponse {
  var runtime = new Util.RuntimeOptions{};
  return setUserSsoSettingsWithOptions(request, runtime);
}

model SetVerificationInfoRequest {
  email?: string(name='Email', description='The email address.

>  If you set `VerifyType` to `email`, you must specify this parameter.', example='username@example.com'),
  mobilePhone?: string(name='MobilePhone', description='The mobile phone number.

>  If you set `VerifyType` to `sms`, you must specify this parameter.', example='86-13900001234'),
  userPrincipalName?: string(name='UserPrincipalName', description='The logon name of the RAM user.', example='test@example.onaliyun.com'),
  verifyType?: string(name='VerifyType', description='The multi-factor authentication (MFA) method. Valid values:

*   sms: mobile phone.
*   email: email.', example='sms'),
}

model SetVerificationInfoResponseBody = {
  requestId?: string(name='RequestId', description='The request ID.', example='B182C041-8C64-5F2F-A07B-FC67FAF89CF9'),
}

model SetVerificationInfoResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: SetVerificationInfoResponseBody(name='body'),
}

/**
 * @summary Binds a mobile phone or email to a Resource Access Management (RAM) user.
 *
 * @param request SetVerificationInfoRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return SetVerificationInfoResponse
 */
async function setVerificationInfoWithOptions(request: SetVerificationInfoRequest, runtime: Util.RuntimeOptions): SetVerificationInfoResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.email)) {
    query['Email'] = request.email;
  }
  if (!Util.isUnset(request.mobilePhone)) {
    query['MobilePhone'] = request.mobilePhone;
  }
  if (!Util.isUnset(request.userPrincipalName)) {
    query['UserPrincipalName'] = request.userPrincipalName;
  }
  if (!Util.isUnset(request.verifyType)) {
    query['VerifyType'] = request.verifyType;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'SetVerificationInfo',
    version = '2019-08-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if (Util.isUnset(@signatureVersion) || !Util.equalString(@signatureVersion, 'v4')) {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Binds a mobile phone or email to a Resource Access Management (RAM) user.
 *
 * @param request SetVerificationInfoRequest
 * @return SetVerificationInfoResponse
 */
async function setVerificationInfo(request: SetVerificationInfoRequest): SetVerificationInfoResponse {
  var runtime = new Util.RuntimeOptions{};
  return setVerificationInfoWithOptions(request, runtime);
}

model TagResourcesRequest {
  resourceId?: [ string ](name='ResourceId', description='The ID of resource N.

Valid values of N: 1 to 50. If the ResourceType parameter is set to user, the resource ID is the ID of the RAM user.

>  You must specify only one of the following parameters: `ResourceId` and `ResourcePrincipalName`.'),
  resourcePrincipalName?: [ string ](name='ResourcePrincipalName', description='The name of resource N.

Valid values of N: 1 to 50. If the ResourceType parameter is set to user, the resource name is the name of the RAM user.

>  You must specify only one of the following parameters: `ResourceId` and `ResourcePrincipalName`.', example='TagResources'),
  resourceType?: string(name='ResourceType', description='The type of the resource. Valid value:

*   user: a Resource Access Management (RAM) user.', example='user'),
  tag?: [ 
    {
      key?: string(name='Key', description='The key of tag N.

Valid values of N: 1 to 20. You cannot specify empty strings as tag keys. The tag key can be up to 128 characters in length. The tag key cannot start with `aliyun` or `acs:` and cannot contain `http://` or `https://`.', example='operator'),
      value?: string(name='Value', description='The value of tag N.

Valid values of N: 1 to 20. The tag value can be an empty string. The tag value can be up to 128 characters in length and cannot contain `http://` or `https://`.', example='alice'),
    }
  ](name='Tag', description='The key of tag N.

Valid values of N: 1 to 20. You cannot specify empty strings as tag keys. The tag key can be up to 128 characters in length. The tag key cannot start with aliyun or acs: and cannot contain `http://` or `https://`.'),
}

model TagResourcesResponseBody = {
  requestId?: string(name='RequestId', description='The request ID.', example='3687BD52-49FD-585B-AB14-CD05B7C76963'),
}

model TagResourcesResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: TagResourcesResponseBody(name='body'),
}

/**
 * @summary Adds tags to resources.
 *
 * @param request TagResourcesRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return TagResourcesResponse
 */
async function tagResourcesWithOptions(request: TagResourcesRequest, runtime: Util.RuntimeOptions): TagResourcesResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.resourceId)) {
    query['ResourceId'] = request.resourceId;
  }
  if (!Util.isUnset(request.resourcePrincipalName)) {
    query['ResourcePrincipalName'] = request.resourcePrincipalName;
  }
  if (!Util.isUnset(request.resourceType)) {
    query['ResourceType'] = request.resourceType;
  }
  if (!Util.isUnset(request.tag)) {
    query['Tag'] = request.tag;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'TagResources',
    version = '2019-08-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if (Util.isUnset(@signatureVersion) || !Util.equalString(@signatureVersion, 'v4')) {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Adds tags to resources.
 *
 * @param request TagResourcesRequest
 * @return TagResourcesResponse
 */
async function tagResources(request: TagResourcesRequest): TagResourcesResponse {
  var runtime = new Util.RuntimeOptions{};
  return tagResourcesWithOptions(request, runtime);
}

model UnbindMFADeviceRequest {
  userPrincipalName?: string(name='UserPrincipalName', description='The logon name of the RAM user.

This parameter is required.', example='test@example.onaliyun.com'),
}

model UnbindMFADeviceResponseBody = {
  MFADevice?: {
    serialNumber?: string(name='SerialNumber', description='The serial number of the MFA device.', example='acs:ram::151298381312****:mfa/device001'),
  }(name='MFADevice', description='The information about the MFA device.'),
  requestId?: string(name='RequestId', description='The request ID.', example='A26CB3E9-1021-452A-AC57-3134B3BA0E4C'),
}

model UnbindMFADeviceResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: UnbindMFADeviceResponseBody(name='body'),
}

/**
 * @summary Unbinds a multi-factor authentication (MFA) device from a Resource Access Management (RAM) user.
 *
 * @param request UnbindMFADeviceRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return UnbindMFADeviceResponse
 */
async function unbindMFADeviceWithOptions(request: UnbindMFADeviceRequest, runtime: Util.RuntimeOptions): UnbindMFADeviceResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.userPrincipalName)) {
    query['UserPrincipalName'] = request.userPrincipalName;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'UnbindMFADevice',
    version = '2019-08-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if (Util.isUnset(@signatureVersion) || !Util.equalString(@signatureVersion, 'v4')) {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Unbinds a multi-factor authentication (MFA) device from a Resource Access Management (RAM) user.
 *
 * @param request UnbindMFADeviceRequest
 * @return UnbindMFADeviceResponse
 */
async function unbindMFADevice(request: UnbindMFADeviceRequest): UnbindMFADeviceResponse {
  var runtime = new Util.RuntimeOptions{};
  return unbindMFADeviceWithOptions(request, runtime);
}

model UnbindVerificationRequest {
  email?: string(name='Email', description='The email address.

>  If you set `VerifyType` to `email`, you must specify this parameter.', example='username@example.com'),
  mobilePhone?: string(name='MobilePhone', description='The mobile phone number.

>  If you set `VerifyType` to `sms`, you must specify this parameter.', example='86-13900001234'),
  userPrincipalName?: string(name='UserPrincipalName', description='The logon name of the RAM user.', example='test@example.onaliyun.com'),
  verifyType?: string(name='VerifyType', description='The multi-factor authentication (MFA) method. Valid values:

*   sms: mobile phone.
*   email: email.', example='sms'),
}

model UnbindVerificationResponseBody = {
  requestId?: string(name='RequestId', description='The request ID.', example='B182C041-8C64-5F2F-A07B-FC67FAF89CF9'),
}

model UnbindVerificationResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: UnbindVerificationResponseBody(name='body'),
}

/**
 * @summary Unbinds a mobile phone or email from a Resource Access Management (RAM) user.
 *
 * @param request UnbindVerificationRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return UnbindVerificationResponse
 */
async function unbindVerificationWithOptions(request: UnbindVerificationRequest, runtime: Util.RuntimeOptions): UnbindVerificationResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.email)) {
    query['Email'] = request.email;
  }
  if (!Util.isUnset(request.mobilePhone)) {
    query['MobilePhone'] = request.mobilePhone;
  }
  if (!Util.isUnset(request.userPrincipalName)) {
    query['UserPrincipalName'] = request.userPrincipalName;
  }
  if (!Util.isUnset(request.verifyType)) {
    query['VerifyType'] = request.verifyType;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'UnbindVerification',
    version = '2019-08-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if (Util.isUnset(@signatureVersion) || !Util.equalString(@signatureVersion, 'v4')) {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Unbinds a mobile phone or email from a Resource Access Management (RAM) user.
 *
 * @param request UnbindVerificationRequest
 * @return UnbindVerificationResponse
 */
async function unbindVerification(request: UnbindVerificationRequest): UnbindVerificationResponse {
  var runtime = new Util.RuntimeOptions{};
  return unbindVerificationWithOptions(request, runtime);
}

model UntagResourcesRequest {
  all?: boolean(name='All', description='Specifies whether to remove all tags from the resource. Valid values:

*   true: remove all tags from the resources.
*   false (default): does not remove all tags from the resources.

> This parameter takes effect only when TagKey.N is not set in the request.', example='false'),
  resourceId?: [ string ](name='ResourceId', description='The IDs of resources.

Valid values of N: 1 to 50. If the ResourceType parameter is set to user, the resource ID is the ID of the RAM user.

> You must specify only one of the following parameters: ResourceId and ResourcePrincipalName.', example='UntagResources'),
  resourcePrincipalName?: [ string ](name='ResourcePrincipalName', description='The names of resources.

Valid values of N: 1 to 50. If the ResourceType parameter is set to user, the resource name is the name of the RAM user.

> You must specify only one of the following parameters: ResourceId and ResourcePrincipalName.'),
  resourceType?: string(name='ResourceType', description='The type of the resource. Valid value:

*   user: a RAM user', example='user'),
  tagKey?: [ string ](name='TagKey', description='The tag keys of resources.

Valid values of N: 1 to 20. N must be consecutive.'),
}

model UntagResourcesResponseBody = {
  requestId?: string(name='RequestId', description='The request ID.', example='6AC79B74-9A78-58E2-818B-1D38EDC64D67'),
}

model UntagResourcesResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: UntagResourcesResponseBody(name='body'),
}

/**
 * @summary Removes tags from a resource.
 *
 * @param request UntagResourcesRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return UntagResourcesResponse
 */
async function untagResourcesWithOptions(request: UntagResourcesRequest, runtime: Util.RuntimeOptions): UntagResourcesResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.all)) {
    query['All'] = request.all;
  }
  if (!Util.isUnset(request.resourceId)) {
    query['ResourceId'] = request.resourceId;
  }
  if (!Util.isUnset(request.resourcePrincipalName)) {
    query['ResourcePrincipalName'] = request.resourcePrincipalName;
  }
  if (!Util.isUnset(request.resourceType)) {
    query['ResourceType'] = request.resourceType;
  }
  if (!Util.isUnset(request.tagKey)) {
    query['TagKey'] = request.tagKey;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'UntagResources',
    version = '2019-08-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if (Util.isUnset(@signatureVersion) || !Util.equalString(@signatureVersion, 'v4')) {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Removes tags from a resource.
 *
 * @param request UntagResourcesRequest
 * @return UntagResourcesResponse
 */
async function untagResources(request: UntagResourcesRequest): UntagResourcesResponse {
  var runtime = new Util.RuntimeOptions{};
  return untagResourcesWithOptions(request, runtime);
}

model UpdateAccessKeyRequest {
  status?: string(name='Status', description='The status of the AccessKey pair. Valid values:

*   Active
*   Inactive

This parameter is required.', example='Active'),
  userAccessKeyId?: string(name='UserAccessKeyId', description='The AccessKey ID of the AccessKey pair for which you want to modify the status.

This parameter is required.', example='LTAI4GFTgcR8m8cZQDTH****'),
  userPrincipalName?: string(name='UserPrincipalName', description='The logon name of the RAM user.

If this parameter is empty, the status of the AccessKey pair for the current user is modified.', example='test@example.onaliyun.com'),
}

model UpdateAccessKeyResponseBody = {
  requestId?: string(name='RequestId', description='The request ID.', example='B9AF80E4-1565-42D9-9256-0B8B0D9FD3EC'),
}

model UpdateAccessKeyResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: UpdateAccessKeyResponseBody(name='body'),
}

/**
 * @summary Modifies the status of an AccessKey pair for an Alibaba Cloud account or a Resource Access Management (RAM) user.
 *
 * @param request UpdateAccessKeyRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return UpdateAccessKeyResponse
 */
async function updateAccessKeyWithOptions(request: UpdateAccessKeyRequest, runtime: Util.RuntimeOptions): UpdateAccessKeyResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.status)) {
    query['Status'] = request.status;
  }
  if (!Util.isUnset(request.userAccessKeyId)) {
    query['UserAccessKeyId'] = request.userAccessKeyId;
  }
  if (!Util.isUnset(request.userPrincipalName)) {
    query['UserPrincipalName'] = request.userPrincipalName;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'UpdateAccessKey',
    version = '2019-08-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if (Util.isUnset(@signatureVersion) || !Util.equalString(@signatureVersion, 'v4')) {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Modifies the status of an AccessKey pair for an Alibaba Cloud account or a Resource Access Management (RAM) user.
 *
 * @param request UpdateAccessKeyRequest
 * @return UpdateAccessKeyResponse
 */
async function updateAccessKey(request: UpdateAccessKeyRequest): UpdateAccessKeyResponse {
  var runtime = new Util.RuntimeOptions{};
  return updateAccessKeyWithOptions(request, runtime);
}

model UpdateApplicationRequest {
  appId?: string(name='AppId', description='The ID of the application.

This parameter is required.', example='472457090344041****'),
  newAccessTokenValidity?: int32(name='NewAccessTokenValidity', description='The validity period of the access token.

Valid values: 900 to 10800. Unit: seconds.', example='3600'),
  newDisplayName?: string(name='NewDisplayName', description='The display name.', example='NewApp'),
  newIsMultiTenant?: boolean(name='NewIsMultiTenant', description='Specifies whether the application can be installed by using other Alibaba Cloud accounts. Valid values:

*   true
*   false', example='true'),
  newPredefinedScopes?: string(name='NewPredefinedScopes', description='The permission that is granted on the application.

For more information about the application permission scope, see [OAuth scopes](https://help.aliyun.com/document_detail/93693.html). You can also call the [ListPredefinedScopes](https://help.aliyun.com/document_detail/187206.html) operation to query the permissions that are supported by different types of applications.

If you enter multiple permissions, separate them with semicolons (;).

The new value of this parameter overwrites the original value, and the permission specified by the new value takes effect. For example, if the original value is `/acs/ccc`, and the new value is `/acs/alidns`, `/acs/alidns` takes effect. If you want to retain the original permission and the `/acs/alidns` permission, set the value to `/acs/ccc;/acs/alidns`.', example='openid'),
  newRedirectUris?: string(name='NewRedirectUris', description='The callback URL.

If you enter multiple callback URLs, separate them with semicolons (;).', example='https://www.example.com'),
  newRefreshTokenValidity?: int32(name='NewRefreshTokenValidity', description='The validity period of the refresh token.

Valid values: 7200 to 31536000. Unit: seconds.', example='7776000'),
  newRequiredScopes?: string(name='NewRequiredScopes', description='The required permission.

You can specify one or more permissions for the `RequiredScopes` parameter. After you specify this parameter, the required permissions are automatically selected and cannot be revoked when a user grants permissions on the application.

If you also specify the `NewPredefinedScopes` parameter, the `NewPredefinedScopes` parameter specifies the permissions that can be granted on the application, and this parameter specifies the required permissions.

If you enter multiple permissions, separate them with semicolons (;).

The new value of this parameter overwrites the original value, and the required permission specified by the new value takes effect.

>  If the permission that you specify for the `RequiredScopes` parameter is not included in value of the `PredefinedScopes` parameter, the permission does not take effect.', example='profile;aliuid'),
  newSecretRequired?: boolean(name='NewSecretRequired', description='Specifies whether a secret is required. Valid values:

*   true
*   false

> 

*   For applications of the WebApp and ServerApp types, this parameter is automatically set to true and cannot be changed.
*   For applications of the NativeApp type, this parameter can be set to true or false. If you do not set this parameter, false is used. Applications of the NativeApp type run in untrusted environments and the secrets of these applications are not protected. Therefore, we recommend that you do not set this parameter to true unless otherwise specified. For more information, see [Use an application of the NativeApp type to log on to Alibaba Cloud](https://help.aliyun.com/document_detail/93697.html).', example='true'),
}

model UpdateApplicationResponseBody = {
  application?: {
    accessTokenValidity?: int32(name='AccessTokenValidity', description='The validity period of the access token. Unit: seconds.', example='3600'),
    accountId?: string(name='AccountId', description='The ID of the Alibaba Cloud account to which the application belongs.', example='177242285274****'),
    appId?: string(name='AppId', description='The ID of the application.', example='472457090344041****'),
    appName?: string(name='AppName', description='The application name.', example='myapp'),
    appType?: string(name='AppType', description='The application type.', example='WebApp'),
    createDate?: string(name='CreateDate', description='The creation time.', example='2020-10-23T08:06:57Z'),
    delegatedScope?: {
      predefinedScopes?: {
        predefinedScope?: [ 
        {
          description?: string(name='Description', description='The description of the permission.', example='Obtain the OpenID of the user. This is the default permission that you cannot remove.'),
          name?: string(name='Name', description='The name of the permission.', example='openid'),
          required?: boolean(name='Required', description='Indicates whether the permission is automatically selected by default when you install the application. Valid values:

*   true
*   false

`openid` is required by default.', example='true'),
        }
      ](name='PredefinedScope')
      }(name='PredefinedScopes', description='The information about the permissions that are granted on the application.'),
    }(name='DelegatedScope', description='The information about the permissions that are granted on the application.'),
    displayName?: string(name='DisplayName', description='The display name of the application.', example='NewApp'),
    isMultiTenant?: boolean(name='IsMultiTenant', description='Indicates whether the application can be installed by using other Alibaba Cloud accounts.', example='true'),
    redirectUris?: {
      redirectUri?: [ string ](name='RedirectUri')
    }(name='RedirectUris', description='The callback URLs.'),
    refreshTokenValidity?: int32(name='RefreshTokenValidity', description='The validity period of the refresh token. Unit: seconds.', example='7776000'),
    secretRequired?: boolean(name='SecretRequired', description='Indicates whether a secret is required.', example='true'),
    updateDate?: string(name='UpdateDate', description='The update time.', example='2020-10-23T08:06:57Z'),
  }(name='Application', description='The information about the application.'),
  requestId?: string(name='RequestId', description='The request ID.', example='6616F09B-2768-4C11-8866-A8EE4C4A583E'),
}

model UpdateApplicationResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: UpdateApplicationResponseBody(name='body'),
}

/**
 * @summary Modifies the information about a specified application.
 *
 * @param request UpdateApplicationRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return UpdateApplicationResponse
 */
async function updateApplicationWithOptions(request: UpdateApplicationRequest, runtime: Util.RuntimeOptions): UpdateApplicationResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.appId)) {
    query['AppId'] = request.appId;
  }
  if (!Util.isUnset(request.newAccessTokenValidity)) {
    query['NewAccessTokenValidity'] = request.newAccessTokenValidity;
  }
  if (!Util.isUnset(request.newDisplayName)) {
    query['NewDisplayName'] = request.newDisplayName;
  }
  if (!Util.isUnset(request.newIsMultiTenant)) {
    query['NewIsMultiTenant'] = request.newIsMultiTenant;
  }
  if (!Util.isUnset(request.newPredefinedScopes)) {
    query['NewPredefinedScopes'] = request.newPredefinedScopes;
  }
  if (!Util.isUnset(request.newRedirectUris)) {
    query['NewRedirectUris'] = request.newRedirectUris;
  }
  if (!Util.isUnset(request.newRefreshTokenValidity)) {
    query['NewRefreshTokenValidity'] = request.newRefreshTokenValidity;
  }
  if (!Util.isUnset(request.newRequiredScopes)) {
    query['NewRequiredScopes'] = request.newRequiredScopes;
  }
  if (!Util.isUnset(request.newSecretRequired)) {
    query['NewSecretRequired'] = request.newSecretRequired;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'UpdateApplication',
    version = '2019-08-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if (Util.isUnset(@signatureVersion) || !Util.equalString(@signatureVersion, 'v4')) {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Modifies the information about a specified application.
 *
 * @param request UpdateApplicationRequest
 * @return UpdateApplicationResponse
 */
async function updateApplication(request: UpdateApplicationRequest): UpdateApplicationResponse {
  var runtime = new Util.RuntimeOptions{};
  return updateApplicationWithOptions(request, runtime);
}

model UpdateGroupRequest {
  groupName?: string(name='GroupName', description='The name of the RAM user group.', example='Dev-Team'),
  newComments?: string(name='NewComments', description='The new description.

The description can be up to 128 characters in length.', example='Test-Team'),
  newDisplayName?: string(name='NewDisplayName', description='The new display name of the RAM user group.

The name can be up to 24 characters in length.', example='Test-Team'),
  newGroupName?: string(name='NewGroupName', description='The new name of the RAM user group.

The name can be up to 64 characters in length and can contain letters, digits, periods (.), underscores (_), and hyphens (-).', example='Test-Team'),
}

model UpdateGroupResponseBody = {
  group?: {
    comments?: string(name='Comments', description='The description.', example='Test-Team'),
    createDate?: string(name='CreateDate', description='The creation time.', example='2020-10-19T16:15:17Z'),
    displayName?: string(name='DisplayName', description='The display name of the RAM user group.', example='Test-Team'),
    groupId?: string(name='GroupId', description='The ID of the RAM user group.', example='740317625433843****'),
    groupName?: string(name='GroupName', description='The name of the RAM user group.', example='Test-Team'),
    updateDate?: string(name='UpdateDate', description='The update time.', example='2020-10-20T03:44:27Z'),
  }(name='Group', description='The information about the RAM user group.'),
  requestId?: string(name='RequestId', description='The request ID.', example='CDA656E3-3CE9-4A03-A8A3-B42A0C3C3287'),
}

model UpdateGroupResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: UpdateGroupResponseBody(name='body'),
}

/**
 * @summary Modifies information about a Resource Access Management (RAM) user group.
 *
 * @param request UpdateGroupRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return UpdateGroupResponse
 */
async function updateGroupWithOptions(request: UpdateGroupRequest, runtime: Util.RuntimeOptions): UpdateGroupResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.groupName)) {
    query['GroupName'] = request.groupName;
  }
  if (!Util.isUnset(request.newComments)) {
    query['NewComments'] = request.newComments;
  }
  if (!Util.isUnset(request.newDisplayName)) {
    query['NewDisplayName'] = request.newDisplayName;
  }
  if (!Util.isUnset(request.newGroupName)) {
    query['NewGroupName'] = request.newGroupName;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'UpdateGroup',
    version = '2019-08-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if (Util.isUnset(@signatureVersion) || !Util.equalString(@signatureVersion, 'v4')) {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Modifies information about a Resource Access Management (RAM) user group.
 *
 * @param request UpdateGroupRequest
 * @return UpdateGroupResponse
 */
async function updateGroup(request: UpdateGroupRequest): UpdateGroupResponse {
  var runtime = new Util.RuntimeOptions{};
  return updateGroupWithOptions(request, runtime);
}

model UpdateLoginProfileRequest {
  MFABindRequired?: boolean(name='MFABindRequired', description='Specifies whether to forcefully enable multi-factor authentication (MFA) for the RAM user. Valid values:

*   true: forcefully enables MFA for the RAM user. The RAM user must bind an MFA device upon the next logon.
*   false: does not forcefully enable MFA for the RAM user.', example='false'),
  password?: string(name='Password', description='The new password that is used to log on to the console.

The new password must meet the complexity requirements.', example='mypassword'),
  passwordResetRequired?: boolean(name='PasswordResetRequired', description='Specifies whether the RAM user is required to reset the password upon the next logon. Valid values:

*   true
*   false', example='false'),
  status?: string(name='Status', description='Specifies whether to enable password-based logons to the console. Valid values:

*   Active: enables password-based logons to the console.
*   Inactive: disables password-based logons to the console.', example='Active'),
  userPrincipalName?: string(name='UserPrincipalName', description='The logon name of the RAM user.

This parameter is required.', example='test@example.onaliyun.com'),
}

model UpdateLoginProfileResponseBody = {
  loginProfile?: {
    autoDisableLoginStatus?: string(name='AutoDisableLoginStatus', description='Indicates whether console logon is automatically disabled if a RAM user does not log on to the console in the previous specified number of days. The number of days is specified by MaxIdleDaysForUsers. The default value is true, and you cannot change the value.', example='true'),
    MFABindRequired?: boolean(name='MFABindRequired', description='Indicates whether MFA must be enabled.', example='false'),
    passwordResetRequired?: boolean(name='PasswordResetRequired', description='Indicates whether the RAM user is required to reset the password upon the next logon.', example='false'),
    status?: string(name='Status', description='Indicates whether to enable password-based logons to the console.', example='Active'),
    updateDate?: string(name='UpdateDate', description='The modification time.', example='2020-10-14T07:48:41Z'),
    userPrincipalName?: string(name='UserPrincipalName', description='The logon name of the RAM user.', example='test@example11.onaliyun.com'),
  }(name='LoginProfile', description='The console logon configurations.'),
  requestId?: string(name='RequestId', description='The request ID.', example='BCDB6A7F-2199-41D9-B577-4FA536A5ADE1'),
}

model UpdateLoginProfileResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: UpdateLoginProfileResponseBody(name='body'),
}

/**
 * @summary Modifies the console logon configurations of a Resource Access Management (RAM) user.
 *
 * @param request UpdateLoginProfileRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return UpdateLoginProfileResponse
 */
async function updateLoginProfileWithOptions(request: UpdateLoginProfileRequest, runtime: Util.RuntimeOptions): UpdateLoginProfileResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.MFABindRequired)) {
    query['MFABindRequired'] = request.MFABindRequired;
  }
  if (!Util.isUnset(request.password)) {
    query['Password'] = request.password;
  }
  if (!Util.isUnset(request.passwordResetRequired)) {
    query['PasswordResetRequired'] = request.passwordResetRequired;
  }
  if (!Util.isUnset(request.status)) {
    query['Status'] = request.status;
  }
  if (!Util.isUnset(request.userPrincipalName)) {
    query['UserPrincipalName'] = request.userPrincipalName;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'UpdateLoginProfile',
    version = '2019-08-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if (Util.isUnset(@signatureVersion) || !Util.equalString(@signatureVersion, 'v4')) {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Modifies the console logon configurations of a Resource Access Management (RAM) user.
 *
 * @param request UpdateLoginProfileRequest
 * @return UpdateLoginProfileResponse
 */
async function updateLoginProfile(request: UpdateLoginProfileRequest): UpdateLoginProfileResponse {
  var runtime = new Util.RuntimeOptions{};
  return updateLoginProfileWithOptions(request, runtime);
}

model UpdateOIDCProviderRequest {
  clientIds?: string(name='ClientIds', description='The ID of the client. If you want to specify multiple client IDs, separate the client IDs with commas (,).

The client ID can contain letters, digits, and special characters and cannot start with the special characters. The special characters are `periods, (.), hyphens (-), underscores (_), colons (:), and forward slashes (/)`.``

The client ID can be up to 64 characters in length.

> If you specify this parameter, all the client IDs of the OIDC IdP are replaced. If you need to only add or remove a client ID, call the AddClientIdToOIDCProvider or RemoveClientIdFromOIDCProvider operation. For more information, see [AddClientIdToOIDCProvider](https://help.aliyun.com/document_detail/332057.html) or [RemoveClientIdFromOIDCProvider](https://help.aliyun.com/document_detail/332058.html).', example='498469743454717****'),
  issuanceLimitTime?: long(name='IssuanceLimitTime', description='The earliest time when an external IdP can issue an ID token. If the value of the iat field in the ID token is later than the current time, the request is rejected. Unit: hours. Valid values: 1 to 168.', example='6'),
  newDescription?: string(name='NewDescription', description='The description of the OIDC IdP.

The description can be up to 256 characters in length.', example='This is a new OIDC Provider.'),
  OIDCProviderName?: string(name='OIDCProviderName', description='The name of the OIDC IdP.', example='TestOIDCProvider'),
}

model UpdateOIDCProviderResponseBody = {
  OIDCProvider?: {
    arn?: string(name='Arn', description='The Alibaba Cloud Resource Name (ARN) of the OIDC IdP.', example='acs:ram::177242285274****:oidc-provider/TestOIDCProvider'),
    clientIds?: string(name='ClientIds', description='The ID of the client. If multiple client IDs are returned, the client IDs are separated by commas (,).', example='498469743454717****'),
    createDate?: string(name='CreateDate', description='The time when the OIDC IdP was created. The time is displayed in UTC.', example='2021-11-11T06:56:03Z'),
    description?: string(name='Description', description='The description of the OIDC IdP.', example='This is a new OIDC Provider.'),
    fingerprints?: string(name='Fingerprints', description='The fingerprint of the HTTPS certificate. If multiple fingerprints are returned, the fingerprints are separated by commas (,).', example='902ef2deeb3c5b13ea4c3d5193629309e231****'),
    gmtCreate?: string(name='GmtCreate', description='The timestamp when the OIDC IdP was created.', example='1636613763000'),
    gmtModified?: string(name='GmtModified', description='The timestamp when the OIDC IdP was modified.', example='1636706309000'),
    issuanceLimitTime?: long(name='IssuanceLimitTime', description='The earliest time when an external IdP can issue an ID token. If the value of the iat field in the ID token is later than the current time, the request is rejected. Unit: hours. Valid values: 1 to 168.', example='6'),
    issuerUrl?: string(name='IssuerUrl', description='The URL of the issuer.', example='https://dev-xxxxxx.okta.com'),
    OIDCProviderName?: string(name='OIDCProviderName', description='The name of the OIDC IdP.', example='TestOIDCProvider'),
    updateDate?: string(name='UpdateDate', description='The time when the OIDC IdP was modified. The time is displayed in UTC.', example='2021-11-12T08:38:29Z'),
  }(name='OIDCProvider', description='The information about the OIDC IdP.'),
  requestId?: string(name='RequestId', description='The request ID.', example='E4C4D1BD-2558-5BD1-8C26-A5D7FB174A55'),
}

model UpdateOIDCProviderResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: UpdateOIDCProviderResponseBody(name='body'),
}

/**
 * @summary Modifies the description and client IDs of an OpenID Connect (OIDC) identity provider (IdP).
 *
 * @description ###
 * This topic provides an example on how to change the description of the OIDC IdP named `TestOIDCProvider` to `This is a new OIDC Provider.`
 *
 * @param request UpdateOIDCProviderRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return UpdateOIDCProviderResponse
 */
async function updateOIDCProviderWithOptions(request: UpdateOIDCProviderRequest, runtime: Util.RuntimeOptions): UpdateOIDCProviderResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.clientIds)) {
    query['ClientIds'] = request.clientIds;
  }
  if (!Util.isUnset(request.issuanceLimitTime)) {
    query['IssuanceLimitTime'] = request.issuanceLimitTime;
  }
  if (!Util.isUnset(request.newDescription)) {
    query['NewDescription'] = request.newDescription;
  }
  if (!Util.isUnset(request.OIDCProviderName)) {
    query['OIDCProviderName'] = request.OIDCProviderName;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'UpdateOIDCProvider',
    version = '2019-08-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if (Util.isUnset(@signatureVersion) || !Util.equalString(@signatureVersion, 'v4')) {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Modifies the description and client IDs of an OpenID Connect (OIDC) identity provider (IdP).
 *
 * @description ###
 * This topic provides an example on how to change the description of the OIDC IdP named `TestOIDCProvider` to `This is a new OIDC Provider.`
 *
 * @param request UpdateOIDCProviderRequest
 * @return UpdateOIDCProviderResponse
 */
async function updateOIDCProvider(request: UpdateOIDCProviderRequest): UpdateOIDCProviderResponse {
  var runtime = new Util.RuntimeOptions{};
  return updateOIDCProviderWithOptions(request, runtime);
}

model UpdatePasskeyRequest {
  passkeyId?: string(name='PasskeyId', description='The ID of the passkey.', example='PASSKEY-CuZjEHhWcr7GIQOMGvkS'),
  passkeyName?: string(name='PasskeyName', description='The name of the passkey.', example='device1'),
  userPrincipalName?: string(name='UserPrincipalName', description='The logon name of the Resource Access Management (RAM) user.', example='test@example.onaliyun.com'),
}

model UpdatePasskeyResponseBody = {
  requestId?: string(name='RequestId', description='The request ID.', example='85836703-8D4F-485F-9726-4D1C730F957E'),
}

model UpdatePasskeyResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: UpdatePasskeyResponseBody(name='body'),
}

/**
 * @summary Updates the name of a passkey.
 *
 * @param request UpdatePasskeyRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return UpdatePasskeyResponse
 */
async function updatePasskeyWithOptions(request: UpdatePasskeyRequest, runtime: Util.RuntimeOptions): UpdatePasskeyResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.passkeyId)) {
    query['PasskeyId'] = request.passkeyId;
  }
  if (!Util.isUnset(request.passkeyName)) {
    query['PasskeyName'] = request.passkeyName;
  }
  if (!Util.isUnset(request.userPrincipalName)) {
    query['UserPrincipalName'] = request.userPrincipalName;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'UpdatePasskey',
    version = '2019-08-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if (Util.isUnset(@signatureVersion) || !Util.equalString(@signatureVersion, 'v4')) {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Updates the name of a passkey.
 *
 * @param request UpdatePasskeyRequest
 * @return UpdatePasskeyResponse
 */
async function updatePasskey(request: UpdatePasskeyRequest): UpdatePasskeyResponse {
  var runtime = new Util.RuntimeOptions{};
  return updatePasskeyWithOptions(request, runtime);
}

model UpdateSAMLProviderRequest {
  newDescription?: string(name='NewDescription', description='The new description.

>  You must specify at least one of the `NewDescription` and `NewEncodedSAMLMetadataDocument` parameters.', example='This is a new provider.'),
  newEncodedSAMLMetadataDocument?: string(name='NewEncodedSAMLMetadataDocument', description='The new metadata file.

>  You must specify at least one of the `NewDescription` and `NewEncodedSAMLMetadataDocument` parameters.', example='PD94bWwgdmVy****'),
  SAMLProviderName?: string(name='SAMLProviderName', description='The name of the IdP whose information you want to modify.

This parameter is required.', example='test-provider'),
}

model UpdateSAMLProviderResponseBody = {
  requestId?: string(name='RequestId', description='The request ID.', example='E5EDDFD2-3654-4F9F-9780-4AE7D81823EF'),
  SAMLProvider?: {
    arn?: string(name='Arn', description='The Alibaba Cloud Resource Name (ARN) of the IdP.', example='acs:ram::177242285274****:saml-provider/test-provider'),
    createDate?: string(name='CreateDate', description='The point in time at which the IdP was created. The time is displayed in UTC.', example='2020-10-22T02:37:05Z'),
    description?: string(name='Description', description='The description of the IdP.', example='This is a new provider.'),
    SAMLProviderName?: string(name='SAMLProviderName', description='The name of the IdP.', example='test-provider'),
    updateDate?: string(name='UpdateDate', description='The point in time at which the information about the IdP was modified. The time is displayed in UTC.', example='2020-10-22T02:51:20Z'),
  }(name='SAMLProvider', description='The information about the IdP.'),
}

model UpdateSAMLProviderResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: UpdateSAMLProviderResponseBody(name='body'),
}

/**
 * @summary Modifies information about an identity provider (IdP) for role-based single sign-on (SSO).
 *
 * @description This topic provides an example on how to change the description of an IdP named `test-provider` to `This is a new provider.`
 *
 * @param request UpdateSAMLProviderRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return UpdateSAMLProviderResponse
 */
async function updateSAMLProviderWithOptions(request: UpdateSAMLProviderRequest, runtime: Util.RuntimeOptions): UpdateSAMLProviderResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.newDescription)) {
    query['NewDescription'] = request.newDescription;
  }
  if (!Util.isUnset(request.newEncodedSAMLMetadataDocument)) {
    query['NewEncodedSAMLMetadataDocument'] = request.newEncodedSAMLMetadataDocument;
  }
  if (!Util.isUnset(request.SAMLProviderName)) {
    query['SAMLProviderName'] = request.SAMLProviderName;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'UpdateSAMLProvider',
    version = '2019-08-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if (Util.isUnset(@signatureVersion) || !Util.equalString(@signatureVersion, 'v4')) {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Modifies information about an identity provider (IdP) for role-based single sign-on (SSO).
 *
 * @description This topic provides an example on how to change the description of an IdP named `test-provider` to `This is a new provider.`
 *
 * @param request UpdateSAMLProviderRequest
 * @return UpdateSAMLProviderResponse
 */
async function updateSAMLProvider(request: UpdateSAMLProviderRequest): UpdateSAMLProviderResponse {
  var runtime = new Util.RuntimeOptions{};
  return updateSAMLProviderWithOptions(request, runtime);
}

model UpdateUserRequest {
  newComments?: string(name='NewComments', description='The new description of the RAM user.

The description must be 1 to 128 characters in length.', example='This is a cloud computing engineer.'),
  newDisplayName?: string(name='NewDisplayName', description='The new display name of the RAM user.

The name must be 1 to 24 characters in length.', example='new'),
  newEmail?: string(name='NewEmail', description='The new email address of the RAM user.

> This parameter is valid only on the China site (aliyun.com).', example='alice@example.com'),
  newMobilePhone?: string(name='NewMobilePhone', description='The new mobile phone number of the RAM user.

Format: \\\\<Country code>-\\\\<Mobile phone number>.

> This parameter is valid only on the China site (aliyun.com).', example='86-1868888****'),
  newUserPrincipalName?: string(name='NewUserPrincipalName', description='The new logon name of the RAM user.

The name is in the format of `<username>@<AccountAlias>.onaliyun.com`. `<username>` indicates the name of the RAM user. `<AccountAlias>.onaliyun.com` indicates the default domain name.

The value of `NewUserPrincipalName` must be `1 to 128` characters in length and can contain letters, digits, periods (.), hyphens (-), and underscores (_). The value of `<username>` must be `1 to 64` characters in length.', example='new@example.onaliyun.com'),
  userId?: string(name='UserId', description='The ID of the RAM user.

> You must specify only one of the following parameters: `UserPrincipalName` and `UserId`.', example='20732900249392****'),
  userPrincipalName?: string(name='UserPrincipalName', description='The logon name of the RAM user.

> You must specify only one of the following parameters: `UserPrincipalName` and `UserId`.', example='test@example.onaliyun.com'),
}

model UpdateUserResponseBody = {
  requestId?: string(name='RequestId', description='The request ID.', example='1B56DD42-6962-4F89-A19C-079EED1F0FE3'),
  user?: {
    comments?: string(name='Comments', description='The description.', example='This is a cloud computing engineer.'),
    createDate?: string(name='CreateDate', description='The time when the RAM user was created.', example='2020-10-12T09:12:00Z'),
    displayName?: string(name='DisplayName', description='The display name of the RAM user.', example='new'),
    email?: string(name='Email', description='The email address of the RAM user.

> This parameter is valid only on the China site (aliyun.com).', example='alice@example.com'),
    lastLoginDate?: string(name='LastLoginDate', description='The last time when the RAM user logged on to the Alibaba Cloud Management Console.', example='2020-10-12T09:12:00Z'),
    mobilePhone?: string(name='MobilePhone', description='The mobile phone number of the RAM user.

> This parameter is valid only on the China site (aliyun.com).', example='86-1868888****'),
    provisionType?: string(name='ProvisionType', description='The source of the RAM user. Valid values:

*   Manual: The RAM user is manually created in the RAM console.
*   SCIM: The RAM user is mapped by using System for Cross-domain Identity Management (SCIM).
*   CloudSSO: The RAM user is mapped from a CloudSSO user.', example='Manual'),
    updateDate?: string(name='UpdateDate', description='The time when the information about the RAM user was updated.', example='2020-10-13T09:19:49Z'),
    userId?: string(name='UserId', description='The ID of the RAM user.', example='20732900249392****'),
    userPrincipalName?: string(name='UserPrincipalName', description='The logon name of the RAM user.', example='new@example.onaliyun.com'),
  }(name='User', description='The information about the RAM user.'),
}

model UpdateUserResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: UpdateUserResponseBody(name='body'),
}

/**
 * @summary Modifies the information about a RAM user.
 *
 * @description This topic provides an example to show how to modify the name of a RAM user from `test@example.onaliyun.com` to `new@example.onaliyun.com`.
 *
 * @param request UpdateUserRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return UpdateUserResponse
 */
async function updateUserWithOptions(request: UpdateUserRequest, runtime: Util.RuntimeOptions): UpdateUserResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.newComments)) {
    query['NewComments'] = request.newComments;
  }
  if (!Util.isUnset(request.newDisplayName)) {
    query['NewDisplayName'] = request.newDisplayName;
  }
  if (!Util.isUnset(request.newEmail)) {
    query['NewEmail'] = request.newEmail;
  }
  if (!Util.isUnset(request.newMobilePhone)) {
    query['NewMobilePhone'] = request.newMobilePhone;
  }
  if (!Util.isUnset(request.newUserPrincipalName)) {
    query['NewUserPrincipalName'] = request.newUserPrincipalName;
  }
  if (!Util.isUnset(request.userId)) {
    query['UserId'] = request.userId;
  }
  if (!Util.isUnset(request.userPrincipalName)) {
    query['UserPrincipalName'] = request.userPrincipalName;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'UpdateUser',
    version = '2019-08-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  if (Util.isUnset(@signatureVersion) || !Util.equalString(@signatureVersion, 'v4')) {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Modifies the information about a RAM user.
 *
 * @description This topic provides an example to show how to modify the name of a RAM user from `test@example.onaliyun.com` to `new@example.onaliyun.com`.
 *
 * @param request UpdateUserRequest
 * @return UpdateUserResponse
 */
async function updateUser(request: UpdateUserRequest): UpdateUserResponse {
  var runtime = new Util.RuntimeOptions{};
  return updateUserWithOptions(request, runtime);
}

